ecommerce-product-detail
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `eval` to execute output from Python scripts in a bash environment (SKILL.md). While the provided script generates hardcoded JavaScript code, this pattern of dynamic code generation and execution is a potential security surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) from the untrusted website data it processes.
  - Ingestion points: Website content is extracted via DOM queries and JSON-LD parsing in `scripts/extract-product.py` (lines 15-132).
  - Boundary markers: No explicit boundary markers or warnings are used to prevent the agent from following instructions embedded in the extracted product descriptions.
  - Capability inventory: The agent has access to a bash shell and subprocess execution via the `eval` pattern defined in the skill components.
  - Sanitization: Standard DOM text extraction is used without sanitization or filtering of the content before it is returned to the agent context.
Audit Metadata