Skills
skills/unifuncs/unifuncs-skill/unifuncs-search/Gen Agent Trust Hub

unifuncs-search

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill presents a high risk for Indirect Prompt Injection (Category 8). It retrieves arbitrary data from the internet via the UniFuncs API and processes it within an environment where the agent has execution permissions.
  • Ingestion points: Web search content fetched via scripts/search.py.
  • Boundary markers: None specified in the documentation or metadata to isolate search results from instructions.
  • Capability inventory: The skill is granted Bash(python*:*) tool access, providing a significant execution surface.
  • Sanitization: No evidence of sanitization, filtering, or validation of the retrieved web content is provided.
  • COMMAND_EXECUTION (LOW): The skill is documented to execute a local Python script using Bash. While intended, this provides a pathway for code execution that could be exploited via malicious search results.
  • NO_CODE (INFO): The core implementation file 'scripts/search.py' is missing from the analysis, which prevents a definitive security audit of the script's internal logic and how it handles user-provided arguments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:30 AM