ecommerce-product-detail

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval to execute output from Python scripts in a bash environment (SKILL.md). While the provided script generates hardcoded JavaScript code, this pattern of dynamic code generation and execution is a potential security surface.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) from the untrusted website data it processes.
  • Ingestion points: Website content is extracted via DOM queries and JSON-LD parsing in scripts/extract-product.py (lines 15-132).
  • Boundary markers: No explicit boundary markers or warnings are used to prevent the agent from following instructions embedded in the extracted product descriptions.
  • Capability inventory: The agent has access to a bash shell and subprocess execution via the eval pattern defined in the skill components.
  • Sanitization: Standard DOM text extraction is used without sanitization or filtering of the content before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — ecommerce-product-detail