ddg-search

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/ddg_search.py uses subprocess.call specifically to re-execute itself within the local virtual environment (.venv/bin/python). This is a benign mechanism to ensure the tool runs with its required dependencies without manual environment activation.
  • [EXTERNAL_DOWNLOADS]: The scripts/bootstrap_venv.sh script downloads the ddgs (duckduckgo_search) package from the official Python Package Index (PyPI). This is the core library required for the skill's functionality.
  • [PROMPT_INJECTION]: As a web search tool, the skill ingests third-party content (search result titles and snippets) into the agent's context. This represents an indirect prompt injection surface. The skill mitigates this by providing structured JSON output, which helps the agent distinguish between query metadata and result content.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 09:45 AM