web-search
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves and processes untrusted content from the web (including page titles, snippets, and news summaries). This data is presented to the agent without sanitization or boundary markers, creating a surface for indirect prompt injection attacks.\n
- Ingestion points: Search results for web, news, images, and videos are ingested into the agent context from external websites via the
scripts/search.pyscript.\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to help it distinguish between legitimate system instructions and potentially malicious content within the search results.\n
- Capability inventory: The skill possesses the capability to write search results to the local file system using the
--outputflag inscripts/search.py.\n - Sanitization: The retrieved search data is not sanitized or filtered for instruction-like patterns before being returned to the agent or saved to files.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
duckduckgo-searchlibrary from the public Python Package Index (PyPI).\n- [COMMAND_EXECUTION]: The skill's core functionality is accessed by executing thescripts/search.pyscript via the command line, which performs network operations and can write to the local file system.
Audit Metadata