product-appeal-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection. It is designed to fetch and analyze external websites using the WebFetch tool, but lacks instructions to sanitize this content or wrap it in boundary markers. \n
- Ingestion points: External URLs are ingested into the agent context via WebFetch as defined in SKILL.md. \n
- Boundary markers: No delimiters or warnings are used to separate untrusted web data from the agent's core instructions. \n
- Capability inventory: The skill allows Read, Write, Edit, and WebFetch, which could be exploited to overwrite local files if a malicious site contains embedded instructions. \n
- Sanitization: No logic is present to filter or validate content fetched from the web. \n- REMOTE_CODE_EXECUTION (SAFE): While SKILL.md mentions a script at 'scripts/appeal_scorer.py', this file is not included in the provided 6 files of the skill package. This represents a missing dependency rather than a malicious execution pattern, as no remote download or piping to a shell is instructed.
Audit Metadata