israeli-coupon-code-finder

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch real-time data from established Israeli coupon aggregators, cashback platforms, and financial benefit hubs such as Couponim (couponim.co.il), Cashback.co.il, and Max (max.co.il). These are legitimate and authoritative regional services used for the skill's primary purpose.
  • [COMMAND_EXECUTION]: Includes a vendor-supplied Python script (scripts/rank_codes.py) used to rank and format search results. The script uses standard libraries (json, argparse, sys) to process data and does not perform network operations or access sensitive system files.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data gathered from live web searches. It implements several security measures to mitigate risks:
  • Ingestion points: Data enters the context via web search results for coupon codes (SKILL.md Step 2).
  • Boundary markers: Explicit 'Anti-fabrication rules' (Step 0) and verification requirements (Step 4) instruct the agent to ignore any fabricated or unverifiable content.
  • Capability inventory: Uses web search, read-only browser tools, and a local script for data processing.
  • Sanitization: The ranking script (scripts/rank_codes.py) includes a cell() function that escapes Markdown control characters (like '|' and '\n') to prevent external data from manipulating the agent's output table structure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 10:25 PM
Security Audit — agent-trust-hub — israeli-coupon-code-finder