web-search
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permission to execute the infsh command-line tool to perform web searches and data extraction.
- [EXTERNAL_DOWNLOADS]: The skill relies on the inference-sh/skills toolset, which it instructs users to install using npx.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and processes data from external websites. Ingestion points: Data retrieved from URLs via the tavily/extract and exa/extract apps. Boundary markers: The documentation recommends wrapping untrusted external content in specific tags like to help the agent distinguish it from instructions. Capability inventory: Permission to execute system commands via Bash(infsh *) is required. Sanitization: No automated sanitization of the scraped web content is performed by the skill; it relies on prompt-based delimiters.
Audit Metadata