linkfox-walmart-wmtwin
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/wmtwin_search_competitors.pyinvokesos.system()to call the system's 'open' command. This is used to display a CAPTCHA image file to the user for manual recognition during the login process. - [CREDENTIALS_UNSAFE]: The skill stores sensitive authentication session data, including cookies and headers, in JSON files located within
/tmp/linkfox_wmtwin_sessions/. While intended for user convenience, storing credentials in a shared temporary directory can pose a risk of session hijacking on multi-user systems. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing data from a third-party API.
- Ingestion points: Product details and seller information are retrieved from
www.wmtwin.comviascripts/wmtwin_search_competitors.py. - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands in the processed data.
- Capability inventory: The skill has the ability to perform network requests, write to the filesystem, and execute shell commands.
- Sanitization: Although the skill decodes Unicode-encoded data from the API, it does not implement security sanitization or validation of the content before it is presented to the agent.
Audit Metadata