goofish-search-list
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the Goofish marketplace.
- Ingestion points: Data such as item titles and descriptions are scraped from the DOM using `extract-search-items.py`.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed text.
- Capability inventory: The skill uses the `browser-act` tool for navigation and a shell for command execution, creating a path for malicious instructions to potentially trigger actions.
- Sanitization: No validation or filtering is applied to the extracted listing data before it reaches the agent context.
- [COMMAND_EXECUTION]: The instructions recommend executing shell commands using the `eval "$(python scripts/xxx.py {params})"` pattern. This creates a surface for shell injection if the agent fails to properly sanitize user-provided parameters (such as search keywords or price ranges) before interpolating them into the bash command string.
Audit Metadata