Nia Public Search
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external public sources (repositories and documentation) through an API. This data is then presented to the agent, creating a surface where malicious instructions embedded in the external sources could potentially influence agent behavior.
- Ingestion points:
scripts/search.shandscripts/lib.shfetch data fromhttps://apigcp.trynia.ai/public/search. - Boundary markers: None detected in the script logic to separate external content from system instructions.
- Capability inventory: The skill can execute shell commands via
scripts/search.sh, which usescurlandjq. - Sanitization: The skill uses
jqto safely construct JSON payloads for requests, but does not sanitize the incoming text results from the search API. - [COMMAND_EXECUTION]: The skill relies on local shell scripts (
scripts/search.shandscripts/lib.sh) to perform its operations. These scripts use standard utilities likecurlandjqto interact with the backend service. - [DATA_EXFILTRATION]: The skill sends user-provided search queries and source identifiers (such as repository slugs or documentation URLs) to the external API endpoint
https://apigcp.trynia.ai/public/search. This domain is owned by the vendor (nozomio-labs) and the data transfer is required for the tool's primary search functionality. - [EXTERNAL_DOWNLOADS]: The documentation mentions the command
npx nia-wizard@latestas a way for users to install an extended version of the service. This involves the execution of code from the npm registry, though it is presented as a manual setup step rather than an automated action by the agent.
Audit Metadata