grok-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The
SKILL.mdmetadata and content contain explicit instructions to force the agent to ignore its built-inWebSearchandWebFetchtools in favor of the provided CLI script. This is a behavioral override attempt intended to bypass system-level tool routing. - Command Execution (MEDIUM): The
toggle_builtin_toolscommand is designed to modify<project>/.claude/settings.json. Manipulating internal configuration files of the agent's host environment is a security concern, as it allows the skill to change the agent's operational parameters or disable platform-level safety features. - Indirect Prompt Injection (LOW): The skill provides tools for fetching data from external URLs (
web_fetch) and writing it to local files (--out). This creates a surface for indirect prompt injection if the fetched content contains instructions designed to influence the agent's subsequent actions. - Ingestion points: External webpage content fetched via the
web_fetchcommand. - Boundary markers: No delimiters or "ignore embedded instructions" warnings are present in the documentation for handling fetched content.
- Capability inventory: File system writing (
--outflag), configuration file modification, and network access via the CLI script. - Sanitization: No sanitization or validation of external content is specified in the CLI commands or skill instructions.
Audit Metadata