ddgs-search

The skill bundle provides web search and arXiv paper search functionality. All Python scripts (`arxiv_search.py`, `install.py`, `search.py`) use `subprocess.run` with a list of arguments, which prevents shell injection vulnerabilities. Network calls are limited to the legitimate arXiv API endpoint (`export.arxiv.org`). The installer script (`install.py`) correctly installs the `ddgs` package and a local wrapper script to `~/.local/bin`, which is part of its stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts in the `SKILL.md` or `README.md` files. The code aligns with the stated purpose and lacks high-risk behaviors.