web-search

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests the Bash(infsh *) permission, which allows the agent to execute any subcommand of the infsh CLI tool. This is a broad permission required for the skill's primary function but grants significant control over the local command-line environment for that specific tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes untrusted data from external websites.
      • Ingestion points: External content is ingested via tavily/extract and exa/extract calls as described in SKILL.md.
      • Boundary markers: The workflow examples lack explicit boundary markers or instructions to ignore embedded commands, instead directly interpolating results into LLM prompts using placeholders like <search-results> and <content>.
      • Capability inventory: The skill uses Bash(infsh *) to execute search apps and pipe their output to other tools (e.g., OpenRouter LLMs).
      • Sanitization: There is no evidence of sanitization or validation of the web content before it is processed by the downstream agent or LLM.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 7, 2026, 12:04 PM