
web-search

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI to execute search apps and manage user sessions on the inference.sh platform.
  • [EXTERNAL_DOWNLOADS]: References the installation of additional tools and skills from the vendor via the npx skills add command.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it fetches and processes untrusted content from the public web.
      1. Ingestion points: External content is retrieved using the tavily/extract, exa/extract, and search apps.
      2. Boundary markers: Workflow examples use basic delimiters like but do not provide explicit instructions for the agent to ignore instructions embedded in the external data.
      3. Capability inventory: The skill has access to the infsh command for performing network operations and tool execution.
      4. Sanitization: No content validation or sanitization of retrieved data is mentioned in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 10:50 AM