searxng-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): (Category 8 - Indirect Prompt Injection) The skill processes untrusted data from external search engines and package registries, creating a surface for injection.
  - Ingestion points: Search results (titles, snippets, content) returned by the local SearXNG API.
  - Boundary markers: Absent; search results are not wrapped in delimiters or safety warnings in the provided examples.
  - Capability inventory: The skill environment permits network requests (curl), container management (podman/docker), and script execution.
  - Sanitization: No explicit sanitization or filtering of search result content is performed before presentation to the agent.
- EXTERNAL_DOWNLOADS (SAFE): The skill references downloading the official SearXNG image from Docker Hub and the qypi tool from PyPI. Per the TRUST-SCOPE-RULE, these are treated as safe since they originate from established, trusted repositories.
- COMMAND_EXECUTION (LOW): The skill utilizes local scripts and container runtimes to manage the search service. While this involves command execution, it is standard and necessary for the skill's stated utility.
Audit Metadata