native-web-search

Warn

Audited by Socket on Feb 27, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This SKILL.md is a documentation/manifest for a "native-web-search" skill. It describes taking a user query and purpose, invoking a model/native web search, and returning concise summaries with full URLs. There is no code in the provided file that downloads or executes remote binaries, reads credential files, or forwards secrets. The only slightly unusual aspect is the guidance to set PI_AI_MODULE_PATH to a package dist path if module resolution fails — that could let a user (or a misled user) point the runtime at arbitrary local or third-party code, which is a minor supply-chain consideration but not direct malicious behavior in this manifest. Overall I find no direct malicious intent. The primary risks are standard supply-chain/transparency concerns: lack of explicit provider endpoints and the potential for a user to point the runtime at untrusted modules. Recommend verifying the actual search implementation (search.mjs) and the runtime module resolved by PI_AI_MODULE_PATH before trusting it in sensitive environments.

Confidence: 75%
Severity: 75%

Audit Metadata

Analyzed At: Feb 27, 2026, 09:42 AM
Package URL: pkg:socket/skills-sh/mitsuhiko%2Fagent-stuff%2Fnative-web-search%2F@bb6081418a85e910ed4af08066594c0ecedccd5e