Skills
skills/skyworkai/skywork-skills/Skywork Search/Gen Agent Trust Hub

Skywork Search

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data from the web, which constitutes an indirect prompt injection surface.
  • Ingestion points: Untrusted data from web search results is fetched via the Skywork API in scripts/web_search.py and written to local text files.
  • Boundary markers: The script uses basic markers like [result-n] to separate content, but there are no explicit delimiters or instructions to the agent to ignore malicious commands embedded in the results.
  • Capability inventory: The script scripts/web_search.py performs network requests to api-tools.skywork.ai and writes results to files in a temporary directory (tempfile.mkdtemp); the agent then reads these files to process the data.
  • Sanitization: The script performs standard JSON parsing and whitespace stripping but does not sanitize the search result content for embedded natural language instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 12:14 PM