ddgs-web-search
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation (`SKILL.md`) provides installation instructions that fetch the `uv` package manager from its official domain (astral.sh) and execute it via shell or PowerShell. As astral.sh is a well-known service in the Python ecosystem, this is considered a standard installation procedure for the recommended package manager.
- [COMMAND_EXECUTION]: The skill utilizes a Python script (`scripts/ddgs_search.py`) intended to be invoked via command-line environments. It performs web search operations and outputs results in text or JSON format for programmatic use.
- [PROMPT_INJECTION]: The skill documentation includes integration examples for OpenClaw workflows that interpolate untrusted search queries directly into shell command templates (`uv run scripts/ddgs_search.py "{{ query }}"`). This creates a vulnerability surface for indirect prompt injection, where a malicious payload could attempt to execute arbitrary commands by escaping the search query string.
- Ingestion points: Workflow command templates and Python subprocess calls within `SKILL.md`.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation examples.
- Capability inventory: Executes shell commands and utilizes the `subprocess` module for script execution.
- Sanitization: The documentation examples do not demonstrate sanitization or escaping of the interpolated `{{ query }}` variable.
Recommendations
- HIGH: Downloads and executes remote code from https://astral.sh/uv/install.sh. DO NOT USE without thorough review.
Audit Metadata