taobao-shop-catalog
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` describe a pattern for executing shell commands using string interpolation: `eval "$(python scripts/extract-catalog.py '{shopId}' --page {page})"`. Because the `{shopId}` and `{page}` variables are sourced from user input and placed directly into a shell execution context without sanitization, the skill is vulnerable to command injection. An attacker could provide a malicious `shopId` containing shell metacharacters (e.g., `'; <malicious_command> ;'`) to execute arbitrary code on the underlying system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external Taobao and Tmall product pages.
  - Ingestion points: Product titles, item IDs, and image URLs are extracted from external web pages via `scripts/extract-catalog.py` and ingested into the agent's context.
  - Boundary markers: The skill does not implement delimiters or provide instructions to the agent to disregard potential instructions embedded within the scraped content.
  - Capability inventory: The skill utilizes high-privilege tools including `bash`, `python`, and `browser-act`, which could be exploited if an injection occurs.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from the external sources before it is returned to the agent.
Audit Metadata