walmart-review-checker
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
scripts/analyzer.py) to process and analyze review data. This is the primary functionality and is performed locally without elevated privileges.\n- [EXTERNAL_DOWNLOADS]: The HTML report generator (scripts/report_html.py) includes a reference to thechart.jslibrary from the JSDelivr CDN (cdn.jsdelivr.net). This is a well-known service used for legitimate data visualization components and does not pose a security risk.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted review content and includes snippets of this content in the generated reports. If an AI agent reads these reports, maliciously crafted reviews could potentially influence the agent's behavior.\n - Ingestion points: Review content is ingested via
scripts/analyzer.pyandscripts/parser.pyfrom command-line arguments or JSON/CSV inputs.\n - Boundary markers: The skill does not use explicit delimiters or "ignore instructions" markers when including raw review snippets in its summary or reports.\n
- Capability inventory: The skill writes analysis results to the console and generates local HTML files; it does not have network-write or broad system access.\n
- Sanitization: No sanitization or filtering is applied to the review text before it is displayed in the report output.\n- [METADATA_POISONING]: Internal documentation in
scripts/analyzer.pyinconsistently refers to the tool as an "Amazon Review Checker" despite the skill being named "walmart-review-checker". This is likely a developer oversight rather than a malicious attempt to deceive.
Audit Metadata