differentiation-advisor
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches product and review data from the NexScope proxy API (/api/v1/tools/linkfox/*). These are vendor-owned resources used for the skill's primary functionality and are treated as safe within the vendor's own infrastructure context.
- [COMMAND_EXECUTION]: Executes Python scripts (differentiation_advisor.py) to perform statistical analysis and generate PNG charts. The implementation uses standard libraries such as matplotlib and urllib without any risky subprocess spawning or arbitrary command execution.
- [SAFE]: While the skill ingests untrusted data from external customer reviews, it employs a strict keyword-based filtering mechanism (e.g., PAIN_CATEGORIES and FEATURE_KEYWORDS). This approach effectively sanitizes the data by extracting only relevant analysis tokens, preventing indirect prompt injection or other data-driven attacks.
Audit Metadata