web_searcher

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill is rated MEDIUM primarily due to its reliance on an external, unverified Python dependency (duckduckgo_search). While the skill's direct code is straightforward and appears benign, the external dependency introduces a supply chain risk as its code is not included for direct audit. The skill's core functionality involves executing a Python script to perform web searches, which is an expected use of the COMMAND_EXECUTION category. The skill also performs network requests to DuckDuckGo, which is its intended purpose, but this highlights the EXTERNAL_DOWNLOADS aspect of its dependency.

Total Findings: 3

🟡 MEDIUM Findings: • Unverifiable Dependency

  • scripts/search.py:3: The skill imports duckduckgo_search, an external Python package. The source code for this dependency is not provided within the skill's files, meaning it cannot be fully audited. While duckduckgo_search is a legitimate and widely used library, any external dependency introduces a potential supply chain risk if the dependency itself were compromised or contained malicious code.

🔵 LOW Findings: • Network Activity (Expected)

  • scripts/search.py:7: The script performs network requests to DuckDuckGo via the duckduckgo_search library. This is the intended functionality of a web searcher. There is no evidence of sensitive local file access or exfiltration to non-whitelisted domains. The search query itself, if containing sensitive user data, would be sent to DuckDuckGo, which is an expected part of its function.

ℹ️ INFO Findings: • Indirect Prompt Injection Risk

  • SKILL.md: The skill processes user-provided search queries. While the skill itself does not exhibit direct prompt injection vulnerabilities, any skill that takes user input and uses it to interact with external services (like a search engine) could be susceptible to indirect prompt injection if the results from the external service are then fed back into the LLM without proper sanitization. The current skill only prints results to stdout, but the LLM will still see this output.

================================================================================

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 04:06 PM