searxng

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides usage examples that encourage the use of the exec tool to run curl and jq commands on the host system. This practice grants the AI agent direct access to the shell, which significantly increases the risk if the agent's behavior is influenced by untrusted data.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection as it retrieves and processes snippets and titles from external search results.
      • Ingestion points: Untrusted data enters the agent context through search results fetched from localhost:8888 using web_fetch or exec (SKILL.md).
      • Boundary markers: The skill documentation lacks explicit instructions or delimiters to isolate search results from the agent's system instructions.
      • Capability inventory: The skill makes use of web_fetch and exec, providing a broad set of capabilities that could be exploited by malicious content within search results (SKILL.md).
      • Sanitization: No mechanisms for sanitizing or validating the content of search snippets are described or implemented.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions fetching and running the official SearXNG Docker image from a well-known container registry.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 03:58 PM