bocha-search

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The scripts/search.sh script is vulnerable to command injection. It constructs a JSON payload using an unquoted bash heredoc, which causes the shell to evaluate any command substitutions (such as $(...)) present in the search query variable. An attacker can execute arbitrary code by providing a specially crafted query.
  • DATA_EXFILTRATION (LOW): The skill performs network requests to api.bocha.cn, an external domain not included in the trusted whitelist, transmitting the search query and the BOCHA_API_KEY.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted search results from the internet. Evidence Chain:
      1. Ingestion points: The response variable in scripts/search.sh.
      2. Boundary markers: None.
      3. Capability inventory: curl and bash.
      4. Sanitization: None.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:20 PM