ecommerce-reviews
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `eval "$(python ...)"` pattern in `SKILL.md` to execute the output of Python scripts as shell commands. This includes a reference to `../ecommerce-listing/scripts/extract-listing-next-page.py`, which is located outside the skill's own directory structure.
- [DYNAMIC_EXECUTION]: The `scripts/extract-reviews.py` script generates JavaScript code at runtime by injecting configuration parameters into a string template. This generated code is subsequently executed within the browser context.
- [PROMPT_INJECTION]: The skill is designed to ingest untrusted third-party content from e-commerce websites, creating a surface for indirect prompt injection.
  - Ingestion points: The `scripts/extract-reviews.py` script extracts text from various DOM elements (titles, bodies, and author names) across multiple platforms like Amazon and WooCommerce.
  - Boundary markers: The skill does not employ any boundary markers or instructions to isolate the scraped data from the agent's command context.
  - Capability inventory: The skill uses the `bash` tool to execute Python scripts which in turn generate and execute JavaScript in the browser.
  - Sanitization: There is no evidence of sanitization, filtering, or validation performed on the extracted review content before it is returned to the agent.