skills/naohainezha/skill/web-search/Gen Agent Trust Hub

web-search

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • Command Execution (SAFE): The skill uses bash commands like curl, grep, jq, and head to perform searches and process results. While an automated scanner flagged these as Remote Code Execution, the commands are used for data extraction and text processing, not for executing downloaded code. This behavior is standard and necessary for a web search skill.
  • External Downloads (LOW): The skill connects to DuckDuckGo and SerpAPI to fetch search data. Although these are non-whitelisted domains, they are reputable search providers and their use is the primary intended purpose of the skill, which justifies the network activity.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: Search result snippets and full page content fetched via DuckDuckGo, SerpAPI, and the WebFetch tool.
      • Boundary markers: Absent. The skill does not currently include delimiters or system-level instructions to ignore malicious prompts embedded in search results.
      • Capability inventory: The agent has access to Bash, WebSearch, and WebFetch tools, creating a potential risk if it obeys instructions found in search results.
      • Sanitization: None provided in the script; the skill relies on the agent's internal safety filters.
  • Credentials Access (SAFE): The skill accesses serpapi.apiKey through a local configuration manager (alma config). This is a secure best practice compared to hardcoding keys directly in the script.
Recommendations
  • HIGH: Downloads and executes remote code from: https://html.duckduckgo.com/html/?q=latest+AI+news+2026 - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:44 PM