cross-sell-upsell-engine
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes template code for fetching recommendation data from Rebuy Engine. This is a well-known third-party e-commerce personalization service.
- Evidence: Fetch call to
https://rebuyengine.com/api/v1/products/recommendedusing a placeholder API key. - [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted order data to generate product recommendations.
- Ingestion points: Order history is ingested from the database via
db.orders.findAllinSKILL.md. - Boundary markers: Not explicitly implemented in the provided architectural templates.
- Capability inventory: Includes network capabilities to fetch data from external APIs and file-write capabilities for affinity records.
- Sanitization: Data is processed for statistical affinity without explicit sanitization, which is standard for recommendation logic.
- [SAFE]: No obfuscation, unauthorized command execution, or persistence mechanisms were detected across the skill files.
Audit Metadata