market-alert
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external market sources that could contain malicious instructions.
- Ingestion points: Product titles, brand names, and seller information are fetched from Amazon Search, Jungle Scout, and Keepa APIs via the NexScope proxy (scripts/market_alert.py).
- Boundary markers: Absent. The report generation does not use specific delimiters or instructions to ignore embedded commands in product data.
- Capability inventory: The skill has access to
Bash,Read, andWritetools as defined in SKILL.md. - Sanitization: Absent. Strings retrieved from external APIs are interpolated directly into the markdown report without filtering or sanitization.
Audit Metadata