microlink-google
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process unstructured data from external Google services (Search, News, Scholar, etc.), which creates a surface for indirect prompt injection where malicious content embedded in search results or metadata could attempt to influence the agent's logic.\n
- Ingestion points: Titles, descriptions, and HTML content retrieved from Google verticals through the
@microlink/googlelibrary.\n - Boundary markers: The documentation does not specify the use of delimiters or explicit instructions for the agent to ignore embedded commands within the ingested data.\n
- Capability inventory: The skill facilitates fetching remote content and structured data from the Microlink API.\n
- Sanitization: No explicit sanitization or validation of the retrieved content is described within the skill's instructions.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes the
@microlink/googleNode.js library, which is a vendor-provided package for interacting with the Microlink API.
Audit Metadata