agent-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a comprehensive safety model in `scripts/content_safety.py` designed to mitigate indirect prompt injection. It uses regular expressions to detect and strip common jailbreak and instruction-override patterns in both English and Chinese from search titles and snippets.
- [SAFE]: URL handling is restricted via an allowlist that only permits `http://` and `https://` schemes, preventing potential attacks involving `javascript:`, `data:`, or `file:` URIs.
- [SAFE]: The skill explicitly avoids fetching full third-party page content at runtime, relying only on search snippets provided by the API engines. This significantly reduces the attack surface for malicious content ingestion.
- [SAFE]: Configuration management for API keys follows standard practices, reading from environment variables or a local `.env` file within the skill's own directory (`~/.agents/haiyuan-ai/`).
- [SAFE]: Persistence is limited to a local SQLite-based cache and configuration files used for intended functionality. No unauthorized persistence mechanisms (like shell profile modification) were found.
- [SAFE]: Analysis of the Python dependencies (`aiohttp`, `ddgs`) and search engine client implementations (`brave_client.py`, `tavily_client.py`, `exa_client.py`, `ddgs_client.py`) shows standard usage of official APIs without suspicious behavior.
Audit Metadata