Skills
skills/sirn/dotfiles/synthetic-search/Gen Agent Trust Hub

synthetic-search

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to api.synthetic.new to perform searches. This domain is external and not on the predefined trusted list.
  • [COMMAND_EXECUTION]: The documentation provides examples of constructing shell commands with curl using user-supplied search queries. This creates a surface for shell command injection if input is not properly escaped.
  • [PROMPT_INJECTION]: The skill ingests untrusted search result content, posing a risk of indirect prompt injection.
  • Ingestion points: Content is sourced from the title and text fields of the API results.
  • Boundary markers: No delimiters or safety instructions are defined for the ingested content.
  • Capability inventory: The skill utilizes shell execution for curl and jq commands.
  • Sanitization: No sanitization or validation of the API response is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 03:32 PM