trustpilot-reviews

Warn

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions recommend using the shell's eval command to execute the output of a Python script (eval "$(python scripts/extract-reviews.py)"). Recommending eval for dynamically generated content is a dangerous practice that can lead to arbitrary code execution if the generation logic or inputs are compromised.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from Trustpilot customer reviews. A malicious review could contain instructions designed to hijack the agent's behavior, leveraging its access to browser and shell tools.\n
  • Ingestion points: Customer review text and metadata extracted from trustpilot.com by scripts/extract-reviews.py.\n
  • Boundary markers: No delimiters or warnings are used to isolate the untrusted review content in the output JSON.\n
  • Capability inventory: Access to browser-act for browser manipulation and bash for shell commands.\n
  • Sanitization: The extracted review text is not sanitized or escaped before being provided to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 9, 2026, 11:22 AM
Security Audit — agent-trust-hub — trustpilot-reviews