qiaomu-smart-search
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing the `opencli` command-line utility to perform searches across multiple platforms. It instructs the agent to run help commands (`-h`) before executing searches to ensure parameters and subcommands are correct.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection, as it ingests untrusted data from external websites and AI search results.
  - Ingestion points: External content is brought into the agent's context through search results returned by the `opencli` tool.
  - Boundary markers: The instructions do not specify any delimiters (such as XML tags or triple quotes) to separate untrusted search data from the agent's internal instructions.
  - Capability inventory: The agent can execute further `opencli` commands and generate responses based on the content it reads, creating the potential for following instructions embedded in search results.
  - Sanitization: There is no explicit logic to sanitize, filter, or escape the content retrieved from external sources before processing.
- [SAFE]: The skill implements internal guardrails, including a frequency-limiting policy (calling ledger) to prevent excessive tool invocation and resource abuse.
- [SAFE]: No evidence of credential harvesting, data exfiltration, or malicious code obfuscation was detected.
Audit Metadata