native-web-search

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a resolveConfigValue function that executes shell commands via execSync for configuration values starting with an exclamation mark ('!'). This allows for arbitrary command execution if the skill's configuration data is manipulated.
  • [DATA_EXFILTRATION]: The script reads from and writes to ~/.pi/agent/auth.json, which contains sensitive API keys and session tokens. This creates a significant risk of exposure for the user's AI provider credentials.
  • [COMMAND_EXECUTION]: The skill performs dynamic code loading using import() on paths determined at runtime, including paths influenced by the PI_AI_MODULE_PATH environment variable, which could be used to execute malicious local code.
  • [EXTERNAL_DOWNLOADS]: The script makes network requests to trusted services like OpenAI and Anthropic. These calls are documented as safe interactions with well-known services, though they involve the transmission of sensitive authentication headers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 04:53 PM