algolia-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or bypass attempts detected. The instructions provided are focused on grounding the agent's behavior in specific domain knowledge provided in reference files.
- [Data Exposure & Exfiltration] (SAFE): No credentials or sensitive data are hardcoded. The skill actively mitigates credential exposure by providing validation rules that detect hardcoded Algolia keys and the misuse of admin keys in frontend code.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not define or install external packages. It references standard libraries like 'algoliasearch' and 'react-instantsearch' only for the purpose of static code analysis and implementation guidance.
- [Indirect Prompt Injection] (LOW): While the skill is designed to process user-provided code (ingestion point), it lacks capabilities such as file system write access or network operations that could be exploited. The risk is limited to providing incorrect guidance if the user input is specifically crafted to confuse the validation regexes.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or other dynamic code generation techniques. All logic is based on static pattern matching (regex) and instructional guidance.
Audit Metadata