gs-search
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill navigates to `scholar.google.com`, which is a well-known technology service. This interaction is legitimate and necessary for the skill's stated purpose of academic search.
- [SAFE]: Uses `evaluate_script` to run a scraper in the browser context. The JavaScript code is statically defined in the skill and is focused on extracting structured paper data from the DOM.
- [PROMPT_INJECTION]: The skill processes untrusted web content, creating a surface for indirect prompt injection.
  - Ingestion points: Data is scraped from titles, snippets, and author fields in `SKILL.md` using CSS selectors like `.gs_rt` and `.gs_rs`.
  - Boundary markers: No delimiters or instructions to ignore embedded content are used in the reporting phase.
  - Capability inventory: The skill uses browser navigation and script execution via `mcp__chrome-devtools`.
  - Sanitization: Scraped text is presented directly to the agent without escaping or validation. This represents a standard scraping surface with low risk given the context.
Audit Metadata