ollama-search
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from ollama.com and external websites through its search and fetch functionalities using official API endpoints.\n- [COMMAND_EXECUTION]: The bash scripts (scripts/ollama-search.sh, scripts/ollama-fetch.sh) execute curl to communicate with the API and jq to process JSON responses.\n- [PROMPT_INJECTION]: The skill retrieves untrusted data from external websites, creating a surface for indirect prompt injection.\n
- Ingestion points: External content is retrieved via the ollama-search.sh and ollama-fetch.sh scripts.\n
- Boundary markers: The scripts do not use explicit delimiters or safety warnings to isolate retrieved data from agent instructions.\n
- Capability inventory: The skill uses curl for network access and jq for data manipulation.\n
- Sanitization: Content is truncated or cleaned of whitespace, but no filtering for malicious instructions is performed.
Audit Metadata