skills/ysm-dev/skills/web-search/Gen Agent Trust Hub

web-search

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the ddgr utility using package managers like pip3 and Homebrew.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality, including running search queries via ddgr, checking for tool availability with which, and performing installations.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by fetching untrusted data from external websites.
  • Ingestion points: DuckDuckGo search results and webpage content fetched via the recommended workflow in SKILL.md.
  • Boundary markers: None specified; instructions do not advise the agent to use delimiters or ignore embedded instructions within retrieved content.
  • Capability inventory: Access to shell execution and package management tools.
  • Sanitization: None identified; content from the web is processed without explicit filtering or validation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 05:25 PM
Security Audit — agent-trust-hub — web-search