search-tcp
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified within the skill definition.
- [COMMAND_EXECUTION]: The skill executes the local command `npm run neta` with parameters for keywords and sorting. This is consistent with its stated purpose.
- [CREDENTIALS_UNSAFE]: The skill requires the `NETA_TOKEN` environment variable. This follows standard security practices for providing API tokens to CLI tools and avoids hardcoding secrets.
- [PROMPT_INJECTION]: The skill processes user input through the `--keywords` parameter. While this creates a potential surface for indirect prompt injection, it is considered a low-risk architectural characteristic rather than a vulnerability in this context. Evidence:
  1. Ingestion points: `--keywords` argument in SKILL.md.
  2. Boundary markers: None.
  3. Capability inventory: Subprocess execution via `npm run`.
  4. Sanitization: Not specified in skill description.
Audit Metadata