Skills
skills/ysm-dev/skills/web-search/Gen Agent Trust Hub

web-search

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to check for the presence of ddgr, install it, and execute searches.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the ddgr utility from well-known public registries like PyPI and Homebrew.
  • [PROMPT_INJECTION]: The skill describes a workflow that involves fetching and processing untrusted data from the web, which constitutes an indirect prompt injection surface.
  • Ingestion points: Search result snippets from ddgr and full page content retrieved through the WebFetch tool.
  • Boundary markers: No explicit delimiters or instructions to ignore instructions within fetched data are provided in the skill text.
  • Capability inventory: The skill has the ability to execute shell commands (ddgr) and interacts with other web-fetching capabilities.
  • Sanitization: The instructions do not include steps for sanitizing or validating content retrieved from the web before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:31 PM