catalog-import-export
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements security best practices for handling large external datasets, including streaming CSV parsing (via
csv-parseandfs.createReadStream) to prevent memory exhaustion and strict schema validation (viazod) to ensure data integrity during imports. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted product data from external files (CSV, XML, JSON). While the provided code implements robust schema validation and type coercion for fields like
priceandhandle, the raw text content from product titles or descriptions remains a potential surface for indirect prompt injection if the database records are later consumed by an LLM without proper boundary markers.
Audit Metadata