goofish-item-detail

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute eval "$(python scripts/extract-item-detail.py)" via a bash tool. This pattern is inherently dangerous as it causes the shell to execute the output of the Python script as commands. While the current script returns JavaScript text intended for a browser, the execution flow itself is a high-risk vector for arbitrary code execution if the script output were to contain shell commands.
  • [PROMPT_INJECTION]: The skill scrapes item descriptions, titles, and tags from the Goofish (Xianyu) marketplace, which is untrusted external data. This creates a surface for indirect prompt injection where an attacker (seller) could embed malicious instructions in a listing to influence the agent's subsequent actions.
      • Ingestion points: The scripts/extract-item-detail.py file extracts content from document.body.innerText and various DOM elements on goofish.com pages.
      • Boundary markers: No delimiters or safety warnings are used when returning the extracted data to the agent context.
      • Capability inventory: The agent has access to bash for command execution and browser-act for navigation.
      • Sanitization: There is no evidence of text sanitization or filtering performed on the scraped content before processing.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Jun 13, 2026, 04:38 AM