grok-search

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill sends queries to a configurable Grok web-search endpoint (GROK_BASE_URL) that is explicitly instructed to "Use live web search/browsing" (see the system prompt in scripts/grok_search.py and README), and the agent consumes the returned content/sources—i.e., untrusted public web content is ingested as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly tells the user to run PowerShell with "ExecutionPolicy Bypass", which is an instruction to bypass a security mechanism (though it does not request sudo, create users, or modify system-level files), so it poses a moderate-high risk.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:37 PM