search-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill acts as a bridge for untrusted data by fetching and parsing skill descriptions from various third-party registries. While it lacks explicit boundary delimiters, it provides the agent with a comprehensive security checklist to evaluate fetched content.
- Ingestion points: Fetches content from
github.com,skills.sh,clawhub.ai, andskillsmp.comviaWebFetch. - Boundary markers: None explicitly defined in the search process instructions.
- Capability inventory: The skill itself has no capabilities for file writing, command execution, or sensitive data access.
- Sanitization: Includes a 'Quality Filtering' and 'Security checks' step that explicitly mandates filtering for suspicious code patterns,
eval()usage, and requests for sensitive paths like~/.ssh. - Data Exposure & Exfiltration (LOW): The skill performs network operations to non-whitelisted domains (
skills.sh,clawhub.ai,skillsmp.com) to retrieve search results. However, this behavior is restricted to the skill's primary search purpose and does not involve accessing sensitive local data.
Audit Metadata