web-search
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
ddgrutility using package managers likepip3and Homebrew. - [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality, including running search queries via
ddgr, checking for tool availability withwhich, and performing installations. - [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by fetching untrusted data from external websites.
- Ingestion points: DuckDuckGo search results and webpage content fetched via the recommended workflow in
SKILL.md. - Boundary markers: None specified; instructions do not advise the agent to use delimiters or ignore embedded instructions within retrieved content.
- Capability inventory: Access to shell execution and package management tools.
- Sanitization: None identified; content from the web is processed without explicit filtering or validation.
Audit Metadata