web-search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to retrieve untrusted content from the internet (via search results and page crawls) and pass it to the AI agent. Evidence: Data is ingested from external URLs in scripts/web_search.py through the search_baidu, search_bing, search_duckduckgo, and crawl_page_async functions. Boundary markers are absent in the output returned to the agent. The skill has network capabilities via requests, playwright, and crawl4ai. Basic HTML tag removal is performed in extract_search_results_from_html, but the text remains unvetted for adversarial instructions. As this behavior is essential for a search skill, the severity is minimal.
- [EXTERNAL_DOWNLOADS]: The skill uses functional dependencies including baidusearch, crawl4ai, and playwright, which are standard for web automation tasks and are documented in the skill's requirements.txt and SKILL.md.
Audit Metadata