woo-admin
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill directs the agent to perform web searches and fetch external documentation (e.g., via WebSearch and WebFetch) to assist with code generation. This creates an indirect prompt injection vulnerability where an attacker could influence the agent by placing malicious instructions on indexed web pages.
  - Ingestion points: External data enters the context through documentation searches and fetching from the web. (SKILL.md)
  - Boundary markers: The instructions lack delimiters or constraints to prevent the agent from executing instructions embedded in the fetched documentation.
  - Capability inventory: The skill is configured to allow high-privilege tools including Write, Edit, and Bash. (SKILL.md)
  - Sanitization: No validation or sanitization is performed on the retrieved web content before it is processed by the agent.
Audit Metadata