agent-search
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill manages an inherent surface for indirect prompt injection from third-party search results through multi-layered mitigations.\n
- Ingestion points: Untrusted data enters the agent context via search snippets from Brave, Tavily, Exa, and DuckDuckGo search engines, as processed in
scripts/agent_search.py.\n - Boundary markers: All search results are delivered in structured JSON and include a
safety_noticefield explicitly marking content as untrusted third-party data.\n - Capability inventory: The skill can perform network requests to search APIs and write to a local SQLite cache and configuration file within the
~/.agents/haiyuan-ai/directory.\n - Sanitization: The
scripts/content_safety.pymodule proactively sanitizes snippets by removing known injection patterns, stripping HTML/code blocks, and enforcing an allowlist for URL schemes.\n- [EXTERNAL_DOWNLOADS]: The skill performs network requests to trusted search and AI service providers.\n - Evidence: Network requests are made to
api.tavily.com,api.search.brave.com,api.exa.ai, andgenerativelanguage.googleapis.com(Google Gemini), which are recognized as well-known and trusted technology services.\n- [COMMAND_EXECUTION]: The tool is designed to be executed as a local command-line interface script.\n - Evidence: The primary entry point is the plaintext Python script
scripts/agent-search-cli, which orchestrates the search logic locally.\n- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill follows security best practices for handling untrusted data by implementing proactive filtering and maintaining clear trust boundaries between the search results and the agent.
Audit Metadata