taobao-product-detail

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instruction 'eval "$(python scripts/extract-product.py '{itemId}')"' in SKILL.md is vulnerable to shell command injection. Because the '{itemId}' variable is provided by the user and interpolated directly into a bash command string, an attacker can execute arbitrary system commands by providing an input with shell metacharacters (e.g., "'; touch /tmp/pwned; #").
  • [REMOTE_CODE_EXECUTION]: The script 'scripts/extract-product.py' performs unsafe string interpolation of the 'item_id' argument into a JavaScript string literal ('{args.item_id}'). This enables arbitrary JavaScript execution within the browser context if the user-controlled 'itemId' contains a single quote, potentially allowing theft of session cookies or user data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts untrusted data (product titles, shop names, and attributes) from external Taobao/Tmall pages and incorporates it into the agent's context. Evidence chain: (1) Ingestion points: DOM selectors for titles and attributes in 'scripts/extract-product.py'; (2) Boundary markers: Absent; (3) Capability inventory: Subprocess 'eval' execution and file system writes; (4) Sanitization: No evidence of validation or escaping for the extracted text.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — taobao-product-detail