websearch-service

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Dynamic Execution (MEDIUM): The browser_pool.py file configures the Playwright Chromium instances with --no-sandbox and --disable-web-security flags.
      • Evidence: Lines 42-47 in browser_pool.py show these flags being used during browser launch.
      • Risk: Disabling the sandbox allows malicious websites to potentially escape the browser process and execute code on the host system. Disabling web security bypasses the Same-Origin Policy, potentially allowing a site to access local resources or other domains.
  • Indirect Prompt Injection (LOW): The skill crawls arbitrary external URLs and passes the content to an LLM for analysis in server.py via the analyzer.search method.
      • Ingestion points: Web content retrieved from URLs found via the SearXNG search engine (server.py).
      • Boundary markers: None visible in the provided snippets (the IntelligentSearchAnalyzer class implementation in analyzer.py is missing from the provided files).
      • Capability inventory: The system uses Playwright for web navigation and an OpenAI-compatible client for content analysis (server.py).
      • Sanitization: No sanitization or instruction-filtering logic is present in the provided filtering and scoring modules (result_filter.py, url_scorer.py).
  • External Downloads (SAFE): The Dockerfile downloads the Chromium browser and various Python packages during the build process.
      • Evidence: RUN playwright install chromium and RUN pip install ... in the Dockerfile.
      • Risk: These downloads come from trusted sources (Microsoft and PyPI), making them safe under the [TRUST-SCOPE-RULE], but they are external dependencies.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:09 PM