web-search-and-fetch
Run Google searches and fetch JS-rendered web pages as Markdown via `google-search-cli`, a Patchright-based CLI invoked through `uvx` from its GitHub repo (no local install needed). Use when the agent needs (1) fresh Google search results from a query, (2) the Markdown of a URL that plain HTTP fetch (curl/WebFetch) cannot render because it requires JavaScript or evades bots, or (3) inspection of the raw HTML of a Google results page. Trigger phrases include "google for ...", "search the web for ...", "fetch this page as markdown", "this page needs JS to render". Do not use for static doc URLs that WebFetch handles cleanly, or when Chromium cannot be installed on the machine.
90
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Security
3 findings — 1 critical severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E005: Suspicious download URL detected in skill instructions
What this means
Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.
Why it was flagged
Suspicious download URL detected (high risk: 0.70). This is a public GitHub repository from an individual account (not an official vendor); while GitHub itself is legitimate, pulling and executing code directly from an untrusted repo (via uvx/git+https) can run arbitrary code and deliver malicious payloads, so it is not obviously benign.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md) explicitly runs the third-party tool google-search-cli to perform Google searches and to "fetch-markdown" arbitrary URLs (via uvx/git+https://github.com/ceshine/python-playwright-google-search.git), and instructs the agent to parse and act on the returned JSON/Markdown, which exposes it to untrusted public web content that could contain injected instructions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill invokes and runs code directly from git+https://github.com/ceshine/python-playwright-google-search.git at runtime via `uvx --from`, so remote repository content is fetched and executed as a required dependency, which can directly control agent behavior and execute code.
- Repository
- ceshine/ceshine-agent-skills
- Commit
348c2c1
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.