ddg-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/ddg_search.py) and SKILL.md explicitly fetch and parse public DuckDuckGo responses (https://api.duckduckgo.com/ and https://duckduckgo.com/), returning JSON/HTML search results and resolved target URLs for agents to parse and act on, which are untrusted third‑party web content that can influence subsequent tool use.