searching-internet-with-jina-ai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from external web sources (via Jina AI's search and reader endpoints). This creates a surface for indirect prompt injection if the fetched content contains malicious instructions intended for the agent.
- Ingestion points: Data is ingested through
curlcommands targetings.jina.aiandr.jina.aias described inSKILL.md. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands in the fetched content are present.
- Capability inventory: The skill uses
curlto perform network requests and process the resulting text/markdown. - Sanitization: There is no evidence of content sanitization or validation of the fetched data.
- Data Exfiltration / Network Operations (LOW): The skill performs network operations using
curlto domains outside the whitelist (s.jina.ai,r.jina.ai). While these are legitimate services, they represent external data transmission. - Command Execution (SAFE): Use of
curlis documented for data retrieval only. No instances of piping output to a shell (e.g.,curl | bash) or executing downloaded scripts were found.
Audit Metadata