fastmoss-shops

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Python scripts (shop_scraper.py, shop_filtered.py, analyze.py) to automate browser interaction via a local daemon and process the results. These operations are scoped to the skill's intended functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability because it processes untrusted data from an external website.
  • Ingestion points: Untrusted data is scraped from fastmoss.com via the EXTRACT_JS script in scripts/shop_scraper.py and stored in CSV files.
  • Boundary markers: The Markdown report template in references/analysis_recipe.md lacks delimiters or protective instructions to distinguish between the report structure and the scraped data.
  • Capability inventory: The skill can execute shell commands, navigate browser tabs, and write to the local file system.
  • Sanitization: scripts/analyze.py performs no sanitization or escaping of the scraped strings before interpolating them into the analysis report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:23 AM
Security Audit — agent-trust-hub — fastmoss-shops