google-search
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
execFileSyncinvendor/web-search.mjsto invoke thechromuxCLI for browser operations. While it passes arguments as an array (a security best practice), it executes external commands based on agent instructions.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the internet and places it directly into the agent context.\n - Ingestion points: Untrusted data enters the agent context via search snippets and full page content extracted from various websites in
vendor/web-search.mjs.\n - Boundary markers: Absent. The content retrieved from the web is not wrapped in delimiters or accompanied by instructions for the agent to ignore embedded commands.\n
- Capability inventory: The skill has the ability to execute the
chromuxCLI and perform network requests (via the browser), providing a mechanism for potential exploitation if malicious instructions are followed.\n - Sanitization: The script performs basic truncation and whitespace removal but does not sanitize the content against prompt injection attacks.
Audit Metadata