web-search

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI tool to perform web searches and data extraction tasks. All commands are specific to the vendor's platform capabilities.
  • [EXTERNAL_DOWNLOADS]: The documentation references external skill installation via npx skills add inference-sh/skills@agent-tools, which is a standard method for expanding agent capabilities within the vendor's ecosystem.
  • [PROMPT_INJECTION]: As the skill retrieves and processes external web content, it creates an indirect prompt injection surface. Malicious content on a searched or extracted website could potentially influence subsequent LLM actions if the data is not properly sanitized or delimited.
      • Ingestion points: Data enters the system via infsh app run tavily/search-assistant, tavily/extract, and exa/extract (SKILL.md).
      • Boundary markers: The examples use simple tags like <search-results> and <content>, but do not include explicit instructions to ignore embedded content.
      • Capability inventory: The agent is permitted to run infsh commands, which can include LLM calls and other platform apps.
      • Sanitization: No explicit sanitization or filtering of the retrieved web content is demonstrated in the provided examples.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 09:26 PM