serpapi

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests and processes search results from various third-party search engines via SerpApi, which could contain instructions designed to influence the agent's behavior.
      • Ingestion points: Search result data (organic results, snippets, titles) retrieved from the https://serpapi.com/search endpoint.
      • Boundary markers: Absent; the skill pipes raw output directly to jq for parsing without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill possesses network access capabilities (curl) to fetch data from any URL and execute local shell commands via bash -c.
      • Sanitization: No explicit sanitization or filtering of the search results is implemented before the data is returned to the agent context.
  • Data Exposure & Exfiltration (SAFE): Sensitive API keys are correctly defined in the vm0_secrets metadata and accessed via environment variables, adhering to security best practices for secret management.
  • Command Execution (SAFE): The use of bash -c is a documented workaround for an environment-specific bug regarding variable persistence across pipes and is used here for legitimate API interaction.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:18 PM