desearch-web-search
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted search results from the web, creating an indirect prompt injection surface.\n
- Ingestion points: Data is ingested from the Desearch API via the
api_requestfunction inscripts/desearch.py.\n - Boundary markers: Absent. The script does not utilize explicit delimiters or instructions to frame the retrieved content for the agent.\n
- Capability inventory: Across all scripts, capabilities are limited to network requests to
api.desearch.ai. There is no file-system write access or subprocess execution capability.\n - Sanitization: Absent. No filtering or sanitization of snippets or titles is performed before they are returned to the agent.\n- [DATA_EXFILTRATION]: The skill connects to the vendor's API to perform its core search function.\n
- Evidence: Network requests are made to
https://api.desearch.ai. This is a vendor-owned resource used as intended by the skill's author 'Desearch-ai'.
Audit Metadata