web-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from the open web.
- Ingestion points: Data enters the agent context through the
online_searchtool results. - Boundary markers: The prompt lacks specific delimiters or instructions to ignore commands embedded within the search results.
- Capability inventory: Limited to text summarization and formatting; no direct file-write or system-level capabilities are exposed in the markdown.
- Sanitization: No specific sanitization or filtering of the external content is defined in the search strategy.
- [No Code] (SAFE): The skill consists entirely of Markdown instructions and YAML metadata without any accompanying scripts (Python, JS, etc.), significantly reducing the attack surface.
Audit Metadata