web-search
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `infsh` CLI tool to run specific applications for search and extraction, such as `tavily/search-assistant` and `exa/extract`.
- [EXTERNAL_DOWNLOADS]: Links to external documentation and resources on the `inference.sh` domain are provided, along with installation commands using `npx`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches untrusted data from the internet and passes it directly into LLM prompts for analysis.
  - Ingestion points: Untrusted web content and search results retrieved via `tavily` and `exa` tools (SKILL.md).
  - Boundary markers: Basic tags like `<search-results>` are used in workflow examples, but there is no instruction to the AI to ignore instructions contained within that data.
  - Capability inventory: The skill can execute CLI commands, write search results to local files, and initiate network calls to LLM providers.
  - Sanitization: No sanitization or content filtering is implemented for the data extracted from the web before it is included in a prompt.
Audit Metadata