ddgr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly directs the agent to run ddgr searches against the open web (including site-specific searches of Stack Overflow/Reddit and arbitrary URLs), parse results and optionally use WebFetch to read full pages, so untrusted/user-generated third-party content is ingested and can directly influence the agent's decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to install ddgr automatically and includes a sudo apt-get install command (asking the agent to obtain/run privileged operations), which modifies system state and requires elevated privileges.