webmcp-commerce-tools

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches documentation and commerce-related implementation examples from the official Chrome developer blog.
  • [COMMAND_EXECUTION]: The skill requests extensive permissions including Bash, Write, and Edit. While no specific malicious commands are present in the instructions, these capabilities grant the agent broad control over the local environment.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it combines the ingestion of untrusted external data with high-privilege capabilities.
  • Ingestion points: Uses WebFetch and WebSearch to retrieve content from arbitrary third-party e-commerce sites and community implementations (SKILL.md).
  • Boundary markers: Absent. The instructions do not define delimiters or warnings for the agent to ignore instructions embedded in the fetched web content.
  • Capability inventory: The skill utilizes Bash, Write, Edit, and WebFetch (SKILL.md).
  • Sanitization: Absent. There are no requirements defined for validating or sanitizing the data returned from web searches or external fetches before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — webmcp-commerce-tools