ebay-search
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill uses a python3 snippet to read the GOOSEWORKS_API_KEY from ~/.gooseworks/credentials.json. This is a legitimate access to the platform's configuration file for authenticating requests to its own backend services at api.gooseworks.ai and api.orth.sh.- [PROMPT_INJECTION]: The skill ingests and processes untrusted organic results from eBay. 1. Ingestion points: Organic search results array in the API response. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls via curl and python3 for configuration and data retrieval. 4. Sanitization: Absent. While this presents an indirect prompt injection surface, it is a standard operational risk for search skills and is not paired with high-privilege capabilities that would facilitate exploitation.
Audit Metadata