ddg-search
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: In `scripts/ddg_search.py`, the skill uses `subprocess.call` to re-execute itself within a local virtual environment. This ensures the correct Python interpreter and dependencies are used. The command is restricted to executing the skill's own script and does not involve arbitrary shell execution.
- [EXTERNAL_DOWNLOADS]: The `scripts/bootstrap_venv.sh` script downloads the `ddgs` library from PyPI during the initialization process. This is a standard method for installing dependencies required for the search functionality.
- [DATA_EXFILTRATION]: The skill initiates network connections to `duckduckgo.com` and `api.duckduckgo.com` to fetch search results and instant answers. These operations are essential for the tool's primary function and do not involve the transmission of sensitive local data to external servers.
Audit Metadata