skill-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/search_catalog.pyperforms network requests toskillscatalog.aito retrieve catalog data. This aligns with the skill's primary purpose. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external content.
- Ingestion points: JSON search results and skill details fetched from the
skillscatalog.aiAPI. - Boundary markers: None identified; search results are formatted as plain text strings.
- Capability inventory: The skill is limited to performing network GET requests and does not have write or execution capabilities.
- Sanitization: No explicit sanitization or filtering of API-provided text is performed before display.
Audit Metadata