sf-catalog

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to ingest untrusted data from external web sources, creating a surface for indirect prompt injection.
      ◦ Ingestion points: Usage of WebSearch and WebFetch tools to retrieve "live docs" as specified in SKILL.md.
      ◦ Boundary markers: Absent. The instructions do not provide delimiters or clear guidance to the agent to ignore potential instructions embedded in the external documentation.
      ◦ Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, which could be abused if the agent obeys instructions hidden in fetched content.
      ◦ Sanitization: Absent. There is no mention of validating or filtering the content retrieved from external URLs before processing it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:10 AM