web-search

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains clear data-exfiltration patterns — a hardcoded, non-official DUCK_API_URL that will receive user queries and any WEB_SEARCH_BEARER token plus remote-install commands (curl | sh and pip from remote URLs), which together indicate an intentional backchannel/supply-chain exfiltration mechanism.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main runtime (scripts/search.py and SKILL.md) queries public SearXNG instances (PUBLIC_SEARXNG_INSTANCES) and a public Duck API (DUCK_API_URL) and ingests/prints their search results/snippets, so untrusted third‑party content is fetched and used in the agent's outputs and could influence subsequent actions.