ecommerce-listing
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill operates as a web scraper, creating an inherent surface for indirect prompt injection via content found on third-party websites.
- Ingestion points: Product metadata such as names and descriptions are read from external page DOMs in
scripts/extract-listing.py. - Boundary markers: Data is structured in JSON format, providing structural isolation, though no explicit delimiters are used to separate scraped text from agent instructions.
- Capability inventory: The skill utilizes the
bashandbrowser-acttools. - Sanitization: No specific filtering or escaping of extracted text is performed before it is returned to the agent context.
- [COMMAND_EXECUTION]: The skill generates and executes JavaScript at runtime by piping local Python script output to the shell. This is a standard mechanism used by this vendor to perform browser-based tasks.
Audit Metadata