grok-search
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill stores API keys in unencrypted JSON files (config.json, config.local.json). The configure.ps1 script prompts for these secrets and saves them in plain text, which is an unsafe practice for sensitive credentials.
- [COMMAND_EXECUTION]: The documentation and installation instructions (in README.md, SKILL.md, and install.ps1) recommend running PowerShell with -ExecutionPolicy Bypass. This command disables local security restrictions that are meant to protect against the execution of untrusted scripts.
- [COMMAND_EXECUTION]: The script scripts/grok_search.py disables SSL certificate verification when communicating with the API (verify=False and urllib3.disable_warnings). This bypasses critical security protocols and leaves the connection vulnerable to interception by attackers.
- [DATA_EXFILTRATION]: The skill transmits search queries and user-provided API keys to an external endpoint over the network. While necessary for the skill's function, it involves sending sensitive data to a third-party server.
- [PROMPT_INJECTION]: The skill definition contains aggressive behavioral instructions that mandate its use before the agent provides answers, which can be used to bypass default reasoning steps.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from search results.
- Ingestion points: Search results are fetched from an external API in scripts/grok_search.py.
- Boundary markers: No explicit delimiters or instructions are used to separate external content from the prompt.
- Capability inventory: The skill has network access and file system access for configuration.
- Sanitization: No validation or filtering is performed on data retrieved from external websites.
Recommendations
- AI detected serious security threats
Audit Metadata