web-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): Untrusted data enters the agent context via the WebSearch tool (Ingestion point: SKILL.md). The skill does not employ boundary markers or specific instructions to ignore embedded commands within search results (Boundary markers: absent). While the skill utilizes the WebSearch tool, it lacks more dangerous capabilities such as local file system access, command execution, or code evaluation (Capability inventory: SKILL.md). No sanitization or filtering of search results is defined (Sanitization: absent).
- No Code (SAFE): The skill consists entirely of markdown documentation and examples; no executable scripts, binaries, or package manifests are included.
- Data Exposure (SAFE): No hardcoded credentials (API keys, tokens) or sensitive local file paths (SSH keys, env files) were detected.
Audit Metadata