ecommerce-listing

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill operates as a web scraper, creating an inherent surface for indirect prompt injection via content found on third-party websites.
  • Ingestion points: Product metadata such as names and descriptions are read from external page DOMs in scripts/extract-listing.py.
  • Boundary markers: Data is structured in JSON format, providing structural isolation, though no explicit delimiters are used to separate scraped text from agent instructions.
  • Capability inventory: The skill utilizes the bash and browser-act tools.
  • Sanitization: No specific filtering or escaping of extracted text is performed before it is returned to the agent context.
  • [COMMAND_EXECUTION]: The skill generates and executes JavaScript at runtime by piping local Python script output to the shell. This is a standard mechanism used by this vendor to perform browser-based tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — ecommerce-listing