Skills
skills/dvcrn/openclaw-skills-marketplace/pinterest/Gen Agent Trust Hub

pinterest

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Python script scripts/pinterest_api.py checks for the presence of the httpx library and automatically installs it from the official Python Package Index (PyPI) if missing. httpx is a well-known, reputable library for HTTP networking.
  • [COMMAND_EXECUTION]: To manage dependencies, the script executes the pip package manager using subprocess.check_call. This is a standard and safe implementation for a standalone utility script.
  • [PROMPT_INJECTION]: The skill processes untrusted content (pin descriptions and titles) from Pinterest search results, representing an indirect prompt injection surface.
  • Ingestion points: Data is fetched via web scraping and API calls in scripts/pinterest_api.py and returned to the agent context.
  • Boundary markers: The instructions do not define explicit delimiters to isolate the scraped pin data from the agent's internal instructions.
  • Capability inventory: The skill has the ability to perform network requests and execute local scripts.
  • Sanitization: While descriptions are truncated, the content is not sanitized for potential embedded instructions before being passed to the agent.
  • [DATA_EXFILTRATION]: All network requests are strictly scoped to official Pinterest infrastructure (pinterest.com, api.pinterest.com) and its content delivery network (i.pinimg.com). No sensitive data access or third-party exfiltration was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 07:40 PM