serpapi
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches search data from the SerpAPI service (serpapi.com), which is an established and well-known provider for search engine results.
- [COMMAND_EXECUTION]: The script uses
curlto perform API requests andpython3for URL encoding and processing JSON output. These are standard operations for a shell-based API client. - [DATA_EXFILTRATION]: Transmits search queries and the
SERPAPI_API_KEYto the SerpAPI service. This data transmission is the intended primary function of the skill and targets the official service endpoint. - [PROMPT_INJECTION]: There is a potential for indirect prompt injection as the skill retrieves and processes untrusted textual content from search results (such as web snippets and news titles).
- Ingestion points: Search result data is retrieved from SerpAPI and printed to the standard output in
scripts/format.py. - Boundary markers: No specific boundary markers or instruction-isolation warnings are present in the output formatting.
- Capability inventory: The agent can invoke system commands (
curl,python3) and read local files through the skill's scripts. - Sanitization: The search results are formatted for readability but are not sanitized to filter out potentially malicious instructions embedded in web content.
Audit Metadata