ecommerce-competitor-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks. It ingests data from external e-commerce sites, such as product titles and customer reviews, and interpolates this content directly into an AI analysis prompt.
- Ingestion points: Untrusted product data is fetched via
scripts/scrape-amazon.jsusing the Olostep API and then processed inscripts/batch-processor.js. - Boundary markers: The prompt template in
prompts/analysis-prompt-base.mdlacks clear delimiters or instructions to the agent to ignore embedded commands within the{{ PRODUCT_CONTENT }}variable. - Capability inventory: The agent has the ability to write to the local filesystem (Markdown reports) and update external Google Sheets, which could be abused if an injection is successful.
- Sanitization: No sanitization or filtering is applied to the scraped data before it is passed to the LLM.
- [EXTERNAL_DOWNLOADS]: The skill utilizes several external APIs to fulfill its primary purpose.
- It fetches product page content via the Olostep API (
api.olostep.com). - It sends data to the Google Gemini API (
generativelanguage.googleapis.com) for analysis. - It interacts with the Google Sheets API for data export. While these operations are consistent with the skill's documentation, they involve external data transmissions to third-party services.
Audit Metadata