SerpAPI

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

This skill is designed to interact with the legitimate SerpAPI service. It securely retrieves the `SERPAPI_API_KEY` from environment variables and optionally reads a default location from `TOOLS.md` within the workspace, which is a standard configuration pattern for agent skills. All network requests are directed to `https://serpapi.com`, and parameters are properly encoded using `urllib.parse.urlencode`, preventing injection vulnerabilities. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md` or `scripts/serp.py`.