niche-evaluator

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from several external e-commerce sources (Amazon, eBay, TikTok, and Google Trends) which is then used to generate a markdown evaluation report. This creates a surface for indirect prompt injection if product titles or other fields from these APIs contain malicious instructions aimed at the agent.
      • Ingestion points: scripts/niche_evaluator.py fetches and parses data from multiple endpoints through the call_api and js_api_call functions.
      • Boundary markers: No specific delimiters or "ignore previous instructions" warnings are applied to the external content before it is processed into the final report.
      • Capability inventory: The skill uses Bash, Read, and Write tools, which could be misused if an injection attack succeeds.
      • Sanitization: The script performs basic truncation on product titles, but does not sanitize content for potential prompt injection markers.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external Python packages for data visualization and processing. It uses matplotlib, numpy, and Pillow (PIL) for generating niche score charts and price distribution visualizations. Additionally, references/display-rules.md references the adjustText library as a suggested dependency.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 04:16 AM