review-checker
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local analysis logic using python3 scripts/review_checker.py for review mining and chart generation.
- [EXTERNAL_DOWNLOADS]: Product and review data are retrieved from Amazon marketplaces through the vendor's (nexscope-ai) proxy API infrastructure (NEXSCOPE_PROXY_BASE).
- [PROMPT_INJECTION]: The skill processes untrusted Amazon review content which presents an indirect prompt injection surface.
  - Ingestion points: Review text and titles are fetched from the NexScope API in scripts/review_checker.py.
  - Boundary markers: No explicit delimiters are used to isolate untrusted text from the analysis logic.
  - Capability inventory: The agent can execute local scripts and write chart image files to the filesystem.
  - Sanitization: Content is normalized to lowercase for keyword-based classification (sentiment and pain-point mining), providing inherent resistance to command-based injection within the script execution context.
Audit Metadata