Skills
skills/hachiman566/miao-skills/web-search/Gen Agent Trust Hub

web-search

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script downloads the official searxng/searxng image from Docker Hub to provide the search backend.\n- [COMMAND_EXECUTION]: The skill executes shell commands to manage Docker containers (docker run, docker start) and creates a local configuration directory at ~/.config/searxng.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes snippets and content from third-party websites.\n
  • Ingestion points: The SKILL.md file instructs the agent to fetch search results from the local SearXNG API instance.\n
  • Boundary markers: Absent. The instructions do not define delimiters or provide warnings for handling the embedded search result data.\n
  • Capability inventory: The agent is empowered to use web_fetch or browser tools to interact with web content based on search results.\n
  • Sanitization: Absent. There is no evidence of filtering, escaping, or sanitizing the retrieved search content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 04:53 AM