grok-search
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the well-known xAI API at api.x.ai. These connections are necessary for its primary functionality and target a verified service.
- [PROMPT_INJECTION]: The skill ingests untrusted data from web and social media searches. It mitigates indirect prompt injection risks by using JSON serialization for query interpolation and enforcing a strict JSON response schema for model output.
- [COMMAND_EXECUTION]: The selftest.mjs script uses child_process.spawn to execute the skill's own internal scripts for validation purposes, restricted to the local environment.
Audit Metadata