web-search
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by fetching and processing content from external websites.
  - Ingestion points: Untrusted data enters the agent's context through the tavily/search-assistant, tavily/extract, exa/search, exa/answer, and exa/extract tools (SKILL.md).
  - Boundary markers: The examples provided do not demonstrate the use of delimiters or specific instructions to the agent to ignore instructions embedded within the retrieved web content.
  - Capability inventory: The skill utilizes the infsh command-line tool for operations and describes workflows where retrieved data is piped directly into other large language models (SKILL.md).
  - Sanitization: There is no evidence of sanitization, filtering, or structured validation of the content extracted from external URLs before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The documentation suggests the installation of the infsh CLI tool via npx from the inference-sh organization repository (SKILL.md).
Audit Metadata