process-hybrid-search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/run-process-hybrid-search.sh` executes the `curl` command to interact with an external API endpoint. This behavior is documented as the primary function of the skill for performing searches.
- [DATA_EXFILTRATION]: The skill transmits request data to a Supabase edge function located at `qgzvkongdjqiiamzbbts.supabase.co`. Supabase is recognized as a well-known service, and the data transmission is necessary for the search functionality.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it processes external JSON data through the `--data` parameter in the execution script. Evidence: (1) Ingestion point: `DATA_FILE` argument in `scripts/run-process-hybrid-search.sh`; (2) Boundary markers: Absent; (3) Capability: `curl` network request execution; (4) Sanitization: Absent. The risk is minimized as the data is treated as a JSON payload for a specific API function.
Audit Metadata