yao-demand-skill
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts such as 'scripts/render_report.py' and 'scripts/score_triangle.py' to generate visual reports and calculate demand scores based on a structured JSON report format.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted external data including product URLs, descriptions, and documents for analysis. \n
- Ingestion points: Untrusted data enters the agent context through 'product_url', 'product_description', and 'product_docs' inputs as specified in 'manifest.json' and 'SKILL.md'. \n
- Boundary markers: The instructions and scripts do not explicitly define delimiters or warnings to the agent to disregard instructions embedded in the provided product evidence. \n
- Capability inventory: The skill uses subprocess calls to execute local Python scripts and performs network operations during its research phase (Workflow Step 4). \n
- Sanitization: The 'render_report.py' script uses 'html.escape' when generating HTML and XML components for the reports, providing basic protection against malicious payloads in the processed data.
Audit Metadata