The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses uv run to execute a local Python script (scripts/searxng.py). This is the primary method of operation and is clearly documented.
[EXTERNAL_DOWNLOADS]: The Python script makes network requests to a user-configurable SEARXNG_URL using the httpx library to retrieve search results. In scripts/searxng.py, the httpx.get call is configured with verify=False. This disables SSL/TLS certificate validation, which is a security risk as it allows for potential interception or modification of traffic by attackers on the network.
[DATA_EXFILTRATION]: While not malicious exfiltration, the skill inherently sends user search queries to the specified SearXNG instance. If an untrusted URL is configured as the SEARXNG_URL, search data would be sent to that external server.
[PROMPT_INJECTION]: The skill processes untrusted search results (titles, snippets, and URLs) and presents them to the AI agent. This constitutes an indirect prompt injection surface where a malicious website could craft content intended to influence the AI's subsequent actions.
Ingestion points: Search results (title, URL, content snippet) are fetched from the SearXNG API in scripts/searxng.py via httpx.get.
Boundary markers: The skill lacks explicit delimiters or instructions to the AI to ignore potential instructions embedded within the search results.
Capability inventory: The agent can execute the search script and potentially use other tools in its environment.
Sanitization: There is no evidence of sanitization or filtering of the retrieved content before it is passed to the AI agent.

searxng