competitor-listing-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and displays untrusted data from external product listings.
      • Ingestion points: Listing titles, bullets, and descriptions are retrieved from the Amazon Product Detail API within scripts/competitor_listing_analyzer.py.
      • Boundary markers: Untrusted content is interpolated directly into the markdown report structure without protective delimiters or instructions to the agent to disregard embedded commands.
      • Capability inventory: The skill environment has access to Bash, Read, Write, and WebFetch tools as defined in the SKILL.md frontmatter.
      • Sanitization: No sanitization or instruction filtering is performed on the extracted listing text before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests to the vendor's proxy endpoint (NEXSCOPE_PROXY_BASE) to fetch Amazon product data. This communication is essential for the skill's functionality and targets the vendor's own infrastructure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 28, 2026, 07:06 AM