woo-shipping

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its operational workflow.
    • Ingestion points: The instructions direct the agent to use WebSearch and WebFetch to retrieve live documentation and community tutorials from external websites (SKILL.md).
    • Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate fetched content from the agent's primary instructions, nor do they include warnings to ignore instructions embedded within the external data.
    • Capability inventory: The skill is configured with Write, Edit, and Bash tools, which allow the agent to modify the project filesystem or execute shell commands based on information retrieved from untrusted external sources (SKILL.md).
    • Sanitization: There are no defined procedures for sanitizing, validating, or filtering the external content before the agent processes it.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation from a well-known source (https://woocommerce.github.io/code-reference/classes/WC-Shipping-Method.html). This is a legitimate development resource and does not contribute to verdict escalation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:10 AM