Skills
skills/xream/scripts/google-search/Gen Agent Trust Hub

google-search

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits search queries to pure.md, a third-party proxy service, which is not included in the standard whitelist of trusted domains.
  • [PROMPT_INJECTION]: The skill ingests and outputs untrusted search result content from the internet, creating a surface for indirect prompt injection where malicious search results could influence agent behavior.
  • Ingestion points: Untrusted content is fetched via the pure.md proxy in scripts/search.mjs and logged to the console.
  • Boundary markers: No delimiters or ignore instructions are used to isolate external content from the agent's instructions.
  • Capability inventory: The skill has network access via fetch() but does not have file system write or subprocess execution capabilities.
  • Sanitization: No sanitization or validation is performed on the fetched content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 12:40 AM