web-search
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run the infsh CLI. It employs platform-level restrictions to ensure only commands starting with infsh can be executed, reducing the risk of arbitrary command injection.
- [EXTERNAL_DOWNLOADS]: The documentation references external installation instructions and resources hosted on raw.githubusercontent.com and cloud.inference.sh, and suggests installing related skills via npx.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to ingest untrusted data from the internet.
  - Ingestion points: Web search results and extracted page content from Tavily and Exa apps (SKILL.md).
  - Boundary markers: There are no delimiters or specific instructions provided to help the agent distinguish between its original instructions and untrusted web content.
  - Capability inventory: The agent can execute network-based data retrieval and further analysis via the infsh CLI (SKILL.md).
  - Sanitization: No logic is provided to sanitize or validate the content retrieved from the web before it enters the agent's context.
Audit Metadata