coupon-management
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard e-commerce implementation patterns without any detected malicious activity.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of user-submitted coupon codes. Analysis of the provided TypeScript examples shows proper use of parameterized queries and input normalization (toUpperCase and trim), which mitigates common injection risks.
  - Ingestion points: validateCoupon function in SKILL.md.
  - Boundary markers: Input normalization is present.
  - Capability inventory: Database read/write via stubs; no dangerous subprocess or network calls.
  - Sanitization: Normalization and parameterized SQL are used.
Audit Metadata