web-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The script `scripts/search.py` includes an `ensure_dependency` function that automatically runs `pip install -U ddgs` if the library is missing. This automatic, unpinned installation of external packages at runtime bypasses manual verification and could be exploited if the package repository or the package itself is compromised.
- [COMMAND_EXECUTION] (LOW): The skill uses `subprocess.check_call` to execute shell commands for dependency management. While used for a legitimate purpose here, the use of subprocesses to run system-level commands is a capability that should be monitored.
- [Indirect Prompt Injection] (LOW): The skill retrieves and processes data from external web sources, which may contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Search results from DuckDuckGo in `scripts/search.py`.
  - Boundary markers: Absent; results are concatenated and returned without delimiters or instructions to treat the data as untrusted.
  - Capability inventory: The script has the capability to run subprocesses (pip).
  - Sanitization: Absent; no escaping or sanitization of web content is performed before returning it to the agent.
Audit Metadata