ddg-search
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the ddgs Python package. This is an unverifiable and non-standard dependency compared to the industry-recognized duckduckgo-search library. Using less common packages increases the risk of supply chain attacks.
- [COMMAND_EXECUTION] (LOW): The skill executes a local Python script (scripts/search.py) to perform its tasks. While the script's logic is simple, its security relies entirely on the external ddgs library.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it processes untrusted data from DuckDuckGo search results.
  - Ingestion points: Search results (titles, URLs, and body snippets) are printed directly to stdout in scripts/search.py (lines 17-22).
  - Boundary markers: Absent. There are no delimiters or warnings to the agent that the content is untrusted.
  - Capability inventory: The skill has network access through the ddgs library and can be used to influence agent behavior through retrieved content.
  - Sanitization: None. The output is displayed exactly as received from the external source.
- [DATA_EXPOSURE & EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized data transmission patterns were detected in the provided code.
Audit Metadata