ecommerce-seller-info
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `eval` to run a local Python script that generates JavaScript code for browser-based scraping. While the mechanism uses dynamic evaluation, the source is a local script included in the skill package.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from external web pages without sanitization.
  - Ingestion points: Seller names, descriptions, and return policies extracted from merchant pages on Amazon and eBay as defined in `scripts/extract-seller.py`.
  - Boundary markers: No delimiters or safety instructions are used to separate the scraped merchant data from the agent's internal instruction context.
  - Capability inventory: The agent has access to `bash` and the `browser-act` tool, which could be targeted if the agent obeys instructions embedded in the scraped data.
  - Sanitization: The skill does not perform any validation or sanitization of the text retrieved from the DOM before returning it to the agent context.
Audit Metadata