oneshot-commerce

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses the @oneshot-agent/sdk Node.js package. This package is an official resource from the author 'oneshotagent' and is used for its intended purpose of providing commerce functionality.
  • [SAFE]: References to oneshotagent.com and docs.oneshotagent.com point to the official infrastructure of the skill developer.
  • [DATA_EXFILTRATION]: The skill involves the transmission of sensitive shipping information, including phone numbers and physical addresses. This data flow is documented and necessary for the core task of purchasing and delivering physical products.
  • [PROMPT_INJECTION]: The skill retrieves product search results from external sources via commerceSearch. This creates a surface for indirect prompt injection where third-party content (such as product descriptions) could contain instructions for the agent, representing a standard risk factor for data-ingesting skills.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 04:25 PM