ddgo
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes the 'x ddgo' command to perform web searches and AI-driven answer extraction. This is the intended purpose of the skill.\n- [EXTERNAL_DOWNLOADS]: Connects to DuckDuckGo to retrieve search results and AI-generated summaries.\n- [PROMPT_INJECTION]: The skill processes external content from search results, which is a potential surface for indirect prompt injection (Category 8c).\n
- Ingestion points: External DuckDuckGo search results (SKILL.md).\n
- Boundary markers: The instructions do not specify delimiters to isolate search results from the agent's logic.\n
- Capability inventory: No high-privilege capabilities such as file system writes or network exfiltration are associated with the search output processing.\n
- Sanitization: No sanitization of external search content is described.
Audit Metadata