grok-search
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill presents an Indirect Prompt Injection surface. It ingests data from external, untrusted sources (the web and X/Twitter). If an agent processes a search result containing malicious instructions, it may deviate from the user's original intent.
  * Ingestion points: Search snippets and tweet metadata processed by `grok_search.mjs`.
  * Boundary markers: None identified in the provided documentation.
  * Capability inventory: Execution of local Node.js scripts and outbound network requests to the xAI API.
  * Sanitization: The documentation indicates citation validation but does not confirm sanitization of the search snippets themselves.
- [COMMAND_EXECUTION] (LOW): The skill relies on running local JavaScript files (`grok_search.mjs`, `chat.mjs`, `models.mjs`) using Node.js. These files were not included in the analysis package, which prevents verification of their safety regarding file system operations or other side effects.
- [DATA_EXPOSURE] (INFO): The skill is designed to read from `~/.clawdbot/clawdbot.json` to retrieve API keys. While standard for CLI-based agent skills, it identifies a specific file path containing sensitive credentials.
Audit Metadata