web-search
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it fetches and processes content from external, untrusted websites.
- Ingestion points: Untrusted data enters the agent context via the Tavily and Exa search/extract apps (e.g.,
tavily/extract,exa/search) as described in SKILL.md. - Boundary markers: The skill instructions do not recommend using delimiters or specific 'ignore instructions' markers when interpolating search results into LLM prompts.
- Capability inventory: The agent uses
Bash(infsh *)to run extraction and search tasks via a command-line interface. - Sanitization: No sanitization or filtering of the retrieved web content is documented before it is passed to other tools or LLMs.
- [COMMAND_EXECUTION]: The skill requires the use of the
infshCLI to perform its primary functions, involving shell command execution to interface with the inference.sh platform. - [EXTERNAL_DOWNLOADS]: The documentation points to external installation scripts for the CLI tool and suggests installing additional skill components from the inference-sh GitHub organization via the
npxpackage runner.
Audit Metadata