web-search
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the native fetch API in cli.js to retrieve search results from duckduckgo.com and to download full page content from arbitrary third-party URLs when the --fetch flag is used.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web and provides it to the agent without proper isolation.
- Ingestion points: External web content is ingested into the agent context via the fetchPageContent function in cli.js.
- Boundary markers: The output format does not include delimiters or specific instructions for the agent to treat the fetched content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill allows the agent to read arbitrary web content, which could be used to influence downstream actions if the agent has further capabilities such as file system access or command execution.
- Sanitization: Although the script removes HTML tags like and using cheerio, the raw text content is not analyzed or filtered for potential malicious instructions designed to hijack the AI's behavior.
Audit Metadata