ddgr
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill runs DuckDuckGo searches via the ddgr CLI and ingests/search results and snippets (via --json) from public web sources—including user-generated sites referenced in the docs such as StackOverflow, Reddit, and arbitrary URLs reachable with DuckDuckGo bangs—so the agent will read untrusted third-party content from the open web.
Audit Metadata