web-search
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `curl` commands and local Python scripts to interact with search APIs and process results. It mitigates injection risks by using Python's `urllib.parse.quote` and `json.dumps` to sanitize user input before it is passed to the shell.
- [EXTERNAL_DOWNLOADS]: The skill interacts with established search providers (Tavily, Serper, Brave, etc.) and uses the Google Gemini API for image generation. These are well-known or trusted services. The skill also downloads images, which are then validated and filtered for quality using the `Pillow` library.
- [CREDENTIALS_UNSAFE]: Secret management is handled through environment variables or `.env` files, which is the recommended approach for local tools. The skill instructions explicitly warn against printing raw API keys and provide masking examples.
- [DATA_EXFILTRATION]: No unauthorized data transmission was found. Network activity is limited to the search and generation APIs necessary for the skill's documented functionality.
- [SAFE]: The skill's behavior is entirely consistent with its description. It implements comprehensive query optimization, result cleaning, and error handling, demonstrating a high level of engineering quality and security awareness.