taobao-keyword-search
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md prescribe an unsafe execution pattern: eval "$(python scripts/search-products.py '{keyword}' ...)". This pattern is highly vulnerable to shell command injection through the {keyword} parameter. If a user provides a keyword containing shell metacharacters such as semicolons, backticks, or subshell syntax (e.g., $(...)), the agent will execute those commands on the host system without validation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it extracts and processes untrusted data from the Taobao search results page.
  - Ingestion points: The scripts/search-products.py script extracts product titles, subtitles, and tags from https://s.taobao.com/search.
  - Boundary markers: While results are structured in a JSON array, the instructions lack markers or warnings to treat this external content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill utilizes shell command execution (eval, bash) and script generation capabilities, providing a significant impact surface for any successful injection.
  - Sanitization: No sanitization, escaping, or validation is performed on the scraped product content before it is returned to the agent context.
Recommendations
- AI detected serious security threats
Audit Metadata