web-search
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill performs web searches via ddgs and directly fetches and extracts arbitrary web pages: in search.js, fetchPageContent fetches result.link, and content.js fetches a provided URL. It therefore ingests untrusted public third-party content that the agent reads and uses in its output.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill's runtime fetchPageContent logic retrieves arbitrary web pages (e.g., the example URL shown, https://example.com/article, or any result.link returned by ddgs) and returns their markdown content for inclusion in output. That content can be injected into an agent's prompt context at runtime, so the skill fetches external content that can directly control prompts.
Audit Metadata