searxng
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external search results which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: search results (titles, snippets, and content) are fetched via
httpx.getinscripts/searxng.py. - Boundary markers: Absent. The search results are output directly into the agent's context without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has network access and formatting capabilities via
httpxandrich. - Sanitization: Absent. Result snippets are processed and displayed exactly as received from the SearXNG instance.
- [Data Exposure & Exfiltration] (LOW): The script performs network requests to non-whitelisted, user-configurable domains and explicitly disables SSL security.
- Evidence:
scripts/searxng.pyusesverify=Falsein thehttpx.getrequest. - Risk: Disabling SSL verification (documented for local use) allows for Man-In-The-Middle (MITM) attacks if the
SEARXNG_URLis set to a public instance over HTTPS.
Audit Metadata