pravidhi-ddgs-internet-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the duckduckgo-search library to be installed via pip. This is a standard dependency for the skill's stated purpose of web searching.
- [PROMPT_INJECTION]: The skill ingests untrusted data from web search results, which is a standard surface for indirect prompt injection.
- Ingestion points: scripts/search.py retrieves content (title and body) from external web pages via the DuckDuckGo Search library.
- Boundary markers: Search results are returned in a structured JSON format, but the text content itself is not wrapped in markers to warn the agent about potential embedded instructions.
- Capability inventory: The script's capabilities are limited to network GET requests to DuckDuckGo and printing to standard output. It does not perform file system operations, subprocess executions, or data writes.
- Sanitization: The script truncates search result bodies to 250 characters to manage context limits, but it does not filter or sanitize the content for malicious prompt instructions.
Audit Metadata