webmcp-commerce-tools
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches documentation and commerce-related implementation examples from the official Chrome developer blog.
- [COMMAND_EXECUTION]: The skill requests extensive permissions including
Bash,Write, andEdit. While no specific malicious commands are present in the instructions, these capabilities grant the agent broad control over the local environment. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it combines the ingestion of untrusted external data with high-privilege capabilities.
- Ingestion points: Uses
WebFetchandWebSearchto retrieve content from arbitrary third-party e-commerce sites and community implementations (SKILL.md). - Boundary markers: Absent. The instructions do not define delimiters or warnings for the agent to ignore instructions embedded in the fetched web content.
- Capability inventory: The skill utilizes
Bash,Write,Edit, andWebFetch(SKILL.md). - Sanitization: Absent. There are no requirements defined for validating or sanitizing the data returned from web searches or external fetches before processing.
Audit Metadata