taobao-keyword-search

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions prescribe an unsafe execution pattern in the SKILL.md file: eval "$(python scripts/search-products.py '{keyword}' ...)". This pattern is highly vulnerable to shell command injection through the {keyword} parameter. If a user provides a keyword containing shell metacharacters such as semicolons, backticks, or subshell syntax (e.g., $(...)), the agent will execute those commands on the host system without validation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it extracts and processes untrusted data from the Taobao search results page.
    • Ingestion points: The scripts/search-products.py script extracts product titles, subtitles, and tags from https://s.taobao.com/search.
    • Boundary markers: While results are structured in a JSON array, the instructions lack markers or warnings to treat this external content as untrusted data or to ignore embedded instructions.
    • Capability inventory: The skill utilizes shell command execution (eval, bash) and script generation capabilities, providing a significant impact surface for any successful injection.
    • Sanitization: No sanitization, escaping, or validation is performed on the scraped product content before it is returned to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — taobao-keyword-search