ecommerce-seller-info

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval to run a local Python script that generates JavaScript code for browser-based scraping. While the mechanism uses dynamic evaluation, the source is a local script included in the skill package.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from external web pages without sanitization.\n
  • Ingestion points: Seller names, descriptions, and return policies extracted from merchant pages on Amazon and eBay as defined in scripts/extract-seller.py.\n
  • Boundary markers: No delimiters or safety instructions are used to separate the scraped merchant data from the agent's internal instruction context.\n
  • Capability inventory: The agent has access to bash and the browser-act tool, which could be targeted if the agent obeys instructions embedded in the scraped data.\n
  • Sanitization: The skill does not perform any validation or sanitization of the text retrieved from the DOM before returning it to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — ecommerce-seller-info