xai-search

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install the xai-sdk Python package from a well-known service provider.
  • [COMMAND_EXECUTION]: The skill provides example curl commands and a local Python helper script path for interacting with the xAI API and processing JSON output via jq.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted content from the web and social media platforms.
    • Ingestion points: Data enters the agent context via the results of web_search and x_search function calls documented in SKILL.md.
    • Boundary markers: The provided documentation does not define specific delimiters or instructions to ignore embedded commands within search results.
    • Capability inventory: The skill facilitates network requests to api.x.ai and execution of the local xai-search.py script.
    • Sanitization: No explicit sanitization or filtering of the retrieved search content is mentioned in the skill definition.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:15 AM