Skills
skills/nex-zmh/agent-websearch-skill/multi-search/Gen Agent Trust Hub

multi-search

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a legitimate search aggregator, directing traffic only to established and well-known services like DuckDuckGo, Microsoft Bing, and Tavily.
  • [SAFE]: Credential management is handled securely; the skill retrieves API keys from environment variables or a local JSON file, which prevents the exposure of sensitive secrets within the code itself.
  • [SAFE]: The WebContentFetcher class in multi_search.py performs essential sanitization by removing <script> and <style> tags from fetched HTML content, which helps protect the agent from indirect prompt injection or malicious scripts.
  • [SAFE]: Local file operations are limited to the skill's own directory for caching network status and managing API quotas, with no evidence of unauthorized access to sensitive system paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:01 PM