duckduckgo-search

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the terminal tool to execute ddgs CLI commands and provides a utility shell script scripts/duckduckgo.sh to wrap search queries. This is consistent with the skill's stated purpose of providing a web search interface.
  • [EXTERNAL_DOWNLOADS]: The skill correctly instructs the agent to install the ddgs Python package via pip when the environment lacks the necessary dependency. This is a standard and transparent installation method for the required third-party tool.
  • [PROMPT_INJECTION]: As a web search tool, this skill presents an attack surface for indirect prompt injection by ingesting untrusted data (search snippets and titles) into the agent context. This risk is inherent to the primary functionality of searching external web content.
    • Ingestion points: Search results, including titles, URLs, and snippets retrieved from DuckDuckGo (SKILL.md, scripts/duckduckgo.sh).
    • Boundary markers: The skill does not specify boundary markers, nor does it direct the agent to disregard instructions embedded within the search results.
    • Capability inventory: The skill has access to terminal for shell execution and execute_code for Python scripts (SKILL.md).
    • Sanitization: There is no evidence of sanitization or validation performed on the external content before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 08:43 PM