serpapi
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted search results from external websites via SerpAPI.
  - Ingestion points: Search results from engines like Google and Amazon returned to the agent via serp.py.
  - Boundary markers: None identified in the skill's instructions or examples.
  - Capability inventory: The skill retrieves and formats external search data for agent consumption.
  - Sanitization: Implementation details for sanitizing external content are unavailable as scripts/serp.py is missing.
- [Missing Source Code] (INFO): The skill documentation references a Python script scripts/serp.py which is not included in the provided files. Safety of execution and network behavior cannot be fully audited.
- [Network Operation] (LOW): The tool is designed to communicate with serpapi.com to perform its search functions. While this is a non-whitelisted domain, the behavior is consistent with the skill's stated purpose.
Audit Metadata