ecommerce-reviews

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the eval "$(python ...)" pattern in SKILL.md to execute the output of Python scripts as shell commands. This includes a reference to ../ecommerce-listing/scripts/extract-listing-next-page.py, which is located outside the skill's own directory structure.
  • [DYNAMIC_EXECUTION]: The scripts/extract-reviews.py script generates JavaScript code at runtime by injecting configuration parameters into a string template. This generated code is subsequently executed within the browser context.
  • [PROMPT_INJECTION]: The skill is designed to ingest untrusted third-party content from e-commerce websites, creating a surface for indirect prompt injection.
      • Ingestion points: The scripts/extract-reviews.py script extracts text from various DOM elements (titles, bodies, and author names) across multiple platforms like Amazon and WooCommerce.
      • Boundary markers: The skill does not employ any boundary markers or instructions to isolate the scraped data from the agent's command context.
      • Capability inventory: The skill uses the bash tool to execute Python scripts which in turn generate and execute JavaScript in the browser.
      • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the extracted review content before it is returned to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 04:39 AM