search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection. It retrieves and processes untrusted content from the web which could contain malicious instructions designed to manipulate the AI agent's behavior.
- Ingestion points: Web search result snippets and raw page content from the Tavily API.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided in the skill definition.
- Capability inventory: The skill can execute local shell scripts and perform network operations.
- Sanitization: No sanitization of the external web content is mentioned.
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to api.tavily.com. While necessary for functionality, this domain is not included in the trusted whitelist.
- [Command Execution] (LOW): The documentation describes the execution of a local script
./scripts/search.sh. Although this is a standard operational pattern, it represents a command execution vector. - [No Code] (SAFE): Only the SKILL.md documentation was provided. The referenced bash script (search.sh) was not available for direct security auditing.
Audit Metadata