fastmoss-shops
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts (
shop_scraper.py,shop_filtered.py,analyze.py) to automate browser interaction via a local daemon and process the results. These operations are scoped to the skill's intended functionality. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability because it processes untrusted data from an external website.
- Ingestion points: Untrusted data is scraped from fastmoss.com via the
EXTRACT_JSscript inscripts/shop_scraper.pyand stored in CSV files. - Boundary markers: The Markdown report template in
references/analysis_recipe.mdlacks delimiters or protective instructions to distinguish between the report structure and the scraped data. - Capability inventory: The skill can execute shell commands, navigate browser tabs, and write to the local file system.
- Sanitization:
scripts/analyze.pyperforms no sanitization or escaping of the scraped strings before interpolating them into the analysis report.
Audit Metadata