web-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The search.js script executes the ddgs CLI using execFileSync. Arguments are passed as an array, which correctly mitigates shell injection risks.
- [EXTERNAL_DOWNLOADS] (LOW): The skill relies on the user manually installing the ddgs tool and NPM packages. These are standard external dependencies for web scraping and search tasks.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface. [1] Ingestion points: Untrusted content is fetched from arbitrary URLs in search.js and content.js. [2] Boundary markers: The output uses result headers (e.g., --- Result 1 ---) but lacks explicit instructions for the agent to ignore commands within the data. [3] Capability inventory: The skill can access the network and execute a local search binary. [4] Sanitization: The Readability library removes script and style tags, but it does not filter the extracted text for malicious natural language instructions.
Audit Metadata