Skills
skills/inferen-sh/skills/web-search/Gen Agent Trust Hub

web-search

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to use the Bash tool to execute the infsh CLI. This is the intended primary function for interacting with the search services provided by the vendor.\n- [EXTERNAL_DOWNLOADS]: The skill instructions direct users to install external dependencies from the vendor's repository using npx. This follows the standard installation procedure for the vendor's toolset.\n- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface as it retrieves content from the internet to be processed by an agent. \n
  • Ingestion points: External web content is retrieved via tavily/extract and exa/extract in SKILL.md.\n
  • Boundary markers: Workflow examples use <search-results> and <content> tags to separate external data from instructions.\n
  • Capability inventory: The skill has broad execution rights for the infsh tool via Bash(infsh *).\n
  • Sanitization: No specific filtering or sanitization of the retrieved web content is described in the provided examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 09:55 PM