duckducksearch

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the duckduckgo-search and ddgs Python packages. These are well-known libraries for programmatic access to DuckDuckGo search results.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes untrusted data from the open web (search result titles, snippets, and bodies).
      • Ingestion points: Web search results returned by the DDGS().text(), DDGS().images(), DDGS().videos(), and DDGS().news() methods (SKILL.md).
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided documentation snippets.
      • Capability inventory: The skill facilitates network operations to fetch external data but does not appear to have file system write or arbitrary code execution capabilities.
      • Sanitization: No sanitization or filtering of search result content is described in the provided implementation examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:54 AM