taobao-product-reviews

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in SKILL.md use the pattern eval "$(python scripts/extract-reviews.py '{itemId}')". The {itemId} parameter, provided by the user, is interpolated directly into a shell command string without sanitization. This allows an attacker to execute arbitrary shell commands by crafting a malicious item ID containing command separators (e.g., ;, &&, or backticks).
  • [REMOTE_CODE_EXECUTION]: The skill utilizes a dynamic code execution chain where Python scripts are invoked to generate JavaScript snippets which are subsequently evaluated. This practice of generating and executing code at runtime is insecure, especially when the generation process involves user-controllable parameters, as it bypasses static security controls and increases the risk of code injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by scraping untrusted content. Ingestion points: Customer reviews are fetched from the Taobao/Tmall DOM using scripts/extract-reviews.py. Boundary markers: There are no delimiters or markers used to distinguish external data from agent instructions. Capability inventory: The skill has access to shell execution and browser automation tools. Sanitization: No sanitization or validation is applied to the extracted review text before it is returned to the agent's context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — taobao-product-reviews