goofish-search-list

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the Goofish marketplace.
      • Ingestion points: Data such as item titles and descriptions are scraped from the DOM using extract-search-items.py.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed text.
      • Capability inventory: The skill uses the browser-act tool for navigation and a shell for command execution, creating a path for malicious instructions to potentially trigger actions.
      • Sanitization: No validation or filtering is applied to the extracted listing data before it reaches the agent context.
  • [COMMAND_EXECUTION]: The instructions recommend executing shell commands using the eval "$(python scripts/xxx.py {params})" pattern. This creates a surface for shell injection if the agent fails to properly sanitize user-provided parameters (such as search keywords or price ranges) before interpolating them into the bash command string.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 13, 2026, 04:39 AM