newegg-compare
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the curl utility within a bash environment to perform product searches against a Newegg API.
- [EXTERNAL_DOWNLOADS]: Downloads product metadata and rendered page content from Newegg's infrastructure (apis.newegg.com and www.newegg.com).
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the ingestion of untrusted external content from product pages.
  - Ingestion points: Product search results from the Newegg API and rendered text from the Newegg comparison website.
  - Boundary markers: Absent; the skill does not use delimiters to isolate external data.
  - Capability inventory: Includes shell command execution (curl) and browser navigation.
  - Sanitization: No validation or sanitization of external text is performed before processing.
Audit Metadata