e-commerce

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill contains only documentation and instructional guidelines. No executable scripts, binaries, or configuration files are present in the provided context.
  • [PROMPT_INJECTION]: The skill outlines the process for ingesting untrusted data from external e-commerce sites, which represents an indirect prompt injection surface.
      • Ingestion points: Third-party product pages, sitemaps, and API endpoints (e.g., /products.json).
      • Boundary markers: No delimiters or boundary markers are defined in the instructions to separate untrusted data from agent logic.
      • Capability inventory: The skill references the use of the interact tool for page navigation and state manipulation.
      • Sanitization: The instructions do not mention sanitization or validation of the extracted external content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 04:35 PM