trustpilot-reviews
Warn
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions recommend using the shell's
evalcommand to execute the output of a Python script (eval "$(python scripts/extract-reviews.py)"). Recommendingevalfor dynamically generated content is a dangerous practice that can lead to arbitrary code execution if the generation logic or inputs are compromised.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from Trustpilot customer reviews. A malicious review could contain instructions designed to hijack the agent's behavior, leveraging its access to browser and shell tools.\n - Ingestion points: Customer review text and metadata extracted from
trustpilot.combyscripts/extract-reviews.py.\n - Boundary markers: No delimiters or warnings are used to isolate the untrusted review content in the output JSON.\n
- Capability inventory: Access to
browser-actfor browser manipulation andbashfor shell commands.\n - Sanitization: The extracted review text is not sanitized or escaped before being provided to the agent.
Audit Metadata