serper-scholar
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): No instructions to override behavior or bypass safety filters were found in the tool descriptions or examples.
- Data Exposure & Exfiltration (SAFE): Credentials like the Serper API key are handled through environment variable placeholders rather than hardcoded secrets.
- Obfuscation (SAFE): No Base64, zero-width characters, or other hidden content techniques were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not reference external packages or include any patterns for remote script execution.
- Metadata Poisoning (SAFE): The name, description, and version history are consistent with the academic search functionality and contain no deceptive instructions.
- Code Analysis (NO_CODE): This skill package consists solely of documentation and configuration in Markdown format and does not include any executable scripts.
Audit Metadata