smart-search
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to dynamically construct and execute shell commands using the `opencli` utility. Commands are built using parameters derived from both user input and the real-time help output (`-h`) of the tool, which could lead to command injection if the execution environment does not properly sanitize inputs.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of data from numerous external sources and well-known services, including Google, Wikipedia, Reuters, and various AI platforms such as Grok, Gemini, and Doubao.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites without explicit boundary markers or instructions to treat the content as potentially malicious.
  - Ingestion points: Search results and page content retrieved from external sites via `opencli` as referenced in `SKILL.md` and files in the `references/` directory.
  - Boundary markers: Absent; the skill does not specify delimiters or warnings to ignore instructions embedded within retrieved search results.
  - Capability inventory: The agent can execute shell commands (`opencli`) and make subsequent network requests based on search findings.
  - Sanitization: Absent; no instructions are provided to sanitize or validate the external content before the agent processes it.
Audit Metadata