The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external web search results which could contain malicious instructions designed to manipulate the agent's behavior.
Ingestion points: Data enters the system via the _http_post function in scripts/grok_search.py, which fetches synthesized answers and sources from the Grok API.
Boundary markers: The script does not implement explicit delimiters or 'ignore embedded instructions' warnings when handling the search results returned by the API.
Capability inventory: The agent utilizing this skill has access to shell command execution (subprocess), file system operations, and network operations as evidenced by the script's own implementation.
Sanitization: There is no sanitization or filtering of the external search content before it is returned to the agent context.
[COMMAND_EXECUTION]: The SKILL.md file provides instructions for users to execute local setup scripts (configure.sh and configure.ps1). The Windows instructions explicitly recommend using -ExecutionPolicy Bypass, which allows the execution of unsigned or restricted scripts, potentially lowering the system's security posture.

grok-search