Skywork Search
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with official vendor API endpoints (api.skywork.ai, skywork.ai, and api-tools.skywork.ai) to facilitate authentication and search. These interactions are limited to the skill's intended functionality and use trusted infrastructure.
- [COMMAND_EXECUTION]: The authentication script utilizes system commands (open, start, or xdg-open) via subprocess.Popen to launch the user's default browser for account login. This execution is limited to opening a specific vendor URL.
- [DATA_EXFILTRATION]: The skill reads and writes a local token file (~/.skywork_token) to persist API sessions. This file access is restricted to the skill's own operational credentials and does not involve unauthorized data movement.
- [PROMPT_INJECTION]: The skill processes external web content, which presents a surface for indirect prompt injection. (1) Ingestion points: scripts/web_search.py captures text snippets and URLs from the web. (2) Boundary markers: Search results are presented as plain text without specialized delimiters. (3) Capability inventory: The skill includes network access and the ability to trigger browser-based operations. (4) Sanitization: The skill does not perform content sanitization or instruction filtering on the retrieved web data.
Audit Metadata