keyword-reverse-lookup
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with an external endpoint defined by the `NEXSCOPE_PROXY_BASE` environment variable to retrieve e-commerce keyword data. It securely transmits the `NEXSCOPE_API_KEY` in the authorization header to authenticate requests to the vendor's infrastructure.
- [COMMAND_EXECUTION]: The skill executes its primary logic via a Python script (`scripts/keyword_reverse_lookup.py`) using the `Bash` tool to process data and generate reports.
- [EXTERNAL_DOWNLOADS]: The skill utilizes standard third-party libraries for generating analytical charts.
  - Dependencies include `matplotlib`, `numpy`, and `Pillow`.
  - The documentation also suggests the use of the `adjustText` library for optimizing label placement.
- [PROMPT_INJECTION]: The skill processes external data from a proxy API, which presents a surface for indirect prompt injection.
  - Ingestion points: Data is ingested from the NexScope Proxy API via the `js_api_call` function in `scripts/keyword_reverse_lookup.py`.
  - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions for the data being interpolated into the final report.
  - Capability inventory: The skill is permitted to use `Bash`, `Read`, and `Write` tools as specified in the `SKILL.md` frontmatter.
  - Sanitization: While the script validates that the API response is valid JSON, it does not perform semantic sanitization of the keyword strings before including them in the markdown output.
Audit Metadata