where-your-customer-lives
Warn
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses Python heredocs in SKILL.md (Step 2 and Step 6) to dynamically generate and execute Python scripts. User-controlled variables, including product descriptions and ICP details, are interpolated directly into these script templates. This creates a vulnerability surface for arbitrary Python code execution if the agent fails to sanitize the inputs.
- [COMMAND_EXECUTION]: In Step 3 of SKILL.md, the skill executes a shell command that incorporates arguments extracted via Python subshells from a user-populated JSON file. This interpolation pattern is a vulnerability surface for command injection if malicious shell metacharacters are present in the user input and are not properly sanitized.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources such as Reddit, Hacker News, and DuckDuckGo search results. This data is then analyzed by the AI agent in Step 5 to generate marketing strategies, without explicit boundary markers or instructions to ignore embedded malicious content.
  • Ingestion points: External content fetched by scripts/fetch.py and stored in /tmp/wcl-raw.json.
  • Boundary markers: Absent from the instructions.
  • Capability inventory: Use of python3 for subprocess execution, and file system writes to docs/channel-map/.
  • Sanitization: No sanitization or filtering of external data is performed before AI processing.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from established services including Reddit, Hacker News (Algolia API), and DuckDuckGo. These network operations are central to the skill's purpose and target well-known platforms.
- [SAFE]: The skill supports an optional GITHUB_TOKEN environment variable for GitHub API requests to manage rate limits, which follows standard developer practice.
- [SAFE]: The scripts/fetch.py script disables SSL verification. Although this violates security best practices, it is a common implementation detail for such utility scripts and does not indicate malicious intent.
Audit Metadata