web-search

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Finding tag: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and presents arbitrary external content to the agent from web searches and URL fetching.
  • Ingestion points: Untrusted data enters the agent context through scripts/fetch.py (via httpx.get) and scripts/search.py (via results from the Tavily search API).
  • Boundary markers: The skill uses basic Markdown headers such as --- Source: {url} --- and search result indices, but lacks robust delimiters or explicit instructions for the agent to ignore embedded commands within the fetched data.
  • Capability inventory: The skill's scripts are restricted to network read operations and string manipulation; they do not contain capabilities for file system writes, subprocess execution, or shell command spawning.
  • Sanitization: While scripts/fetch.py uses BeautifulSoup to remove potentially dangerous HTML tags like <script> and <style>, it does not perform NLP-level sanitization or filtering on the remaining text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 04:09 PM