WooCommerce Automation

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. No malicious code, obfuscation, or unauthorized access patterns were found in the skill definitions.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
      • Ingestion points: The skill processes external data including 'Order data', 'Product information', and 'Customer details' from the WooCommerce environment.
      • Boundary markers: Data interpolation in templates (e.g., {{product_name}}) lacks explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: Uses the 'ecommerce-mcp' server with write-access tools like 'woo_orders' and 'woo_products'.
      • Sanitization: No explicit validation is defined.
      • Note: This surface is inherent to e-commerce automation and is considered safe within the intended context.
  • [DATA_EXFILTRATION]: Network Operations. The skill is configured to use API and FTP connections for legitimate inventory and order synchronization. These operations are part of the core functionality and do not involve unauthorized access to sensitive local system files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 08:21 AM