web-search-plus-cli
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to install the tool locally using
pip install .and then execute theweb-search-pluscommand. This pattern involves executing code from the repository and encourages the agent to modify the environment'sPATHvariable if the executable is not immediately found. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it retrieves and processes content from external search providers (Serper, Tavily, Exa, etc.) which is then parsed by the agent to answer user queries.
- Ingestion points: Content is ingested from search provider results, specifically the
results,answer, andmetadatafields as defined inreferences/output-schema.md. - Boundary markers: Absent; the instructions in
SKILL.mddo not provide delimiters or specific guidelines for the agent to ignore or isolate instructions potentially embedded in the search results. - Capability inventory: The agent has the capability to execute shell commands (
web-search-plus) and access the local file system (via.envandconfig.jsonfiles) as described inSKILL.mdandreferences/env.md. - Sanitization: There is no mention of sanitization, escaping, or validation of the data retrieved from external web sources before it is processed by the agent.
Audit Metadata