yao-demand-skill

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts such as 'scripts/render_report.py' and 'scripts/score_triangle.py' to generate visual reports and calculate demand scores based on a structured JSON report format.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted external data including product URLs, descriptions, and documents for analysis. \n
  • Ingestion points: Untrusted data enters the agent context through 'product_url', 'product_description', and 'product_docs' inputs as specified in 'manifest.json' and 'SKILL.md'. \n
  • Boundary markers: The instructions and scripts do not explicitly define delimiters or warnings to the agent to disregard instructions embedded in the provided product evidence. \n
  • Capability inventory: The skill uses subprocess calls to execute local Python scripts and performs network operations during its research phase (Workflow Step 4). \n
  • Sanitization: The 'render_report.py' script uses 'html.escape' when generating HTML and XML components for the reports, providing basic protection against malicious payloads in the processed data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 07:50 AM
Security Audit — agent-trust-hub — yao-demand-skill