image-similarity-finder

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it processes and displays external data from product marketplaces.
      • Ingestion points: Untrusted product metadata, such as titles and brand names, is fetched from the NexScope API (which proxies Amazon) in the scripts/image_similarity_finder.py script.
      • Boundary markers: There are no explicit delimiters or instructions within the scripts or markdown templates to prevent the agent from interpreting instructions that could be maliciously embedded in product titles or descriptions.
      • Capability inventory: The skill is configured with Bash, Read, and Write tool access, which allows it to execute Python scripts, read data, and write chart images to the local filesystem.
      • Sanitization: The skill performs basic string truncation for display purposes but does not implement security-focused sanitization to filter out potential injection strings from the retrieved marketplace data.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and scripts reference well-known Python libraries, including matplotlib and adjustText, which are required for chart generation and label management.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 28, 2026, 07:06 AM