goofish-item-detail
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
eval "$(python scripts/extract-item-detail.py)"via a bash tool. This pattern is inherently dangerous as it causes the shell to execute the output of the Python script as commands. While the current script returns JavaScript text intended for a browser, the execution flow itself is a high-risk vector for arbitrary code execution if the script output were to contain shell commands. - [PROMPT_INJECTION]: The skill scrapes item descriptions, titles, and tags from the Goofish (Xianyu) marketplace, which is untrusted external data. This creates a surface for indirect prompt injection where an attacker (seller) could embed malicious instructions in a listing to influence the agent's subsequent actions.
- Ingestion points: The
scripts/extract-item-detail.pyfile extracts content fromdocument.body.innerTextand various DOM elements ongoofish.compages. - Boundary markers: No delimiters or safety warnings are used when returning the extracted data to the agent context.
- Capability inventory: The agent has access to
bashfor command execution andbrowser-actfor navigation. - Sanitization: There is no evidence of text sanitization or filtering performed on the scraped content before processing.
Audit Metadata