lynx-web-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill fetches and saves content from arbitrary external websites, creating a surface for indirect prompt injection where malicious instructions on a webpage could influence the agent's next actions.
  - Ingestion points: Data retrieved from search engines (Google, Brave, etc.) and arbitrary URLs via `lynx` in `SKILL.md`.
  - Boundary markers: Absent; retrieved content is saved as raw text or HTML directly to `/tmp` without delimiters or safety warnings for the agent.
  - Capability inventory: The skill uses `lynx` for network requests and `python` for string processing; it writes output files to the `/tmp` directory.
  - Sanitization: The skill correctly uses `urllib.parse.quote_plus` to sanitize search queries, but it does not perform any sanitization or filtering on the content fetched from the web before saving it.
- Command Execution (SAFE): The skill executes standard system commands (`lynx`, `python`, `tee`). The provided scripts use proper variable quoting to prevent simple command injection from user-provided queries.
Audit Metadata