hence-search
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches and displays third-party project information (titles and pitches) from the
hence.shAPI. This external content is untrusted and could contain instructions designed to manipulate the agent's behavior. - Ingestion points: Search results are fetched in
scripts/search.pyand topics are fetched inscripts/fetch_metadata.py. - Boundary markers: The skill does not use specific delimiters or instructions to the agent to disregard embedded commands in the fetched data.
- Capability inventory: The skill scripts can read and write authentication tokens in
~/.hence/and perform network requests tohence.sh. - Sanitization: The scripts do not perform validation or sanitization on the text returned from the API endpoints before it is presented to the agent.
Audit Metadata