serpapi
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted web content from search results, creating a potential surface for indirect prompt injection.\n
- Ingestion points: Search results retrieved from the SerpAPI endpoint in scripts/search.sh, scripts/search_ja.sh, scripts/search_llm.sh, and scripts/search_news_24h.sh.\n
- Boundary markers: Absent; results are returned to the agent without explicit delimiters or instructions to treat the content as data rather than instructions.\n
- Capability inventory: The skill utilizes curl for network operations and jq for parsing search data.\n
- Sanitization: User-provided search queries are URL-encoded via jq before being used in API requests.\n- [EXTERNAL_DOWNLOADS]: Communicates with the official SerpAPI domain (serpapi.com), which is a well-known service for search data aggregation.\n- [DATA_EXFILTRATION]: Accesses sensitive API credentials from the local configuration file at ~/.clawdbot/serpapi-config.json to authenticate search requests.
Audit Metadata