bing-search
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The script communicates exclusively with cn.bing.com to retrieve search results. This is a legitimate operation for a search tool and does not involve downloading executable code or connecting to untrusted command-and-control servers.
- [DATA_EXFILTRATION] (SAFE): The code was reviewed for sensitive file access (e.g., SSH keys, environment variables) and none were found. It only transmits the user's search query to the search engine.
- [COMMAND_EXECUTION] (SAFE): The script uses standard string manipulation and HTML parsing. There are no calls to os.system, subprocess, or other functions that would allow for arbitrary command execution.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill processes external web content from Bing, it lacks the capabilities (such as file-writing or code execution) required to turn an injection into a significant threat. Results are sanitized using HTML unescaping and tag removal.
Audit Metadata