Skills
skills/nomadamas/k-skill/coupang-product-search/Gen Agent Trust Hub

coupang-product-search

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to an external MCP endpoint at yuju777-coupang-mcp.hf.space. Hugging Face is a well-known service for hosting AI and data science applications.
  • [COMMAND_EXECUTION]: The workflow involves executing bash commands (curl, grep, awk, tr, sed) to initialize API sessions and process JSON-RPC responses. These are standard utility calls for integrating with HTTP-based MCP servers.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests product data (titles, descriptions) from an external service into the agent's context.
  • Ingestion points: Product search results from yuju777-coupang-mcp.hf.space.
  • Boundary markers: Absent.
  • Capability inventory: Shell command execution via curl.
  • Sanitization: Absent.
  • [SAFE]: The skill does not access sensitive local files, use hardcoded credentials, or attempt to persist across sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 09:00 AM