readthedocs-search-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill performs network requests to app.readthedocs.org and app.readthedocs.com. This behavior is limited to the skill's primary search function and does not involve the exfiltration of sensitive local data or hardcoded credentials.- [Indirect Prompt Injection] (SAFE): The skill ingests untrusted search results from the internet, which is a known surface for indirect prompt injection. However, this is inherent to its primary purpose and is considered safe because the skill lacks the capabilities required for exploitation, such as system command execution, file writing, or network exfiltration of local data.
- Ingestion points: Data retrieved from the Read the Docs Search API in the provided Python snippets.
- Boundary markers: No specific delimiters or safety warnings are included in the search result processing logic.
- Capability inventory: The skill is limited to read-only network operations and basic data output; it has no file-write or subprocess execution rights.
- Sanitization: No sanitization of search results is performed before they are displayed or returned.
Audit Metadata