dropshipping-integration
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill contains standard software engineering patterns for e-commerce integrations.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill handles sensitive data such as supplier API keys. However, the evaluation criteria explicitly require that these keys be handled via decryption functions and stored using encryption-at-rest annotations in the database schema, which aligns with security best practices.
- [INDIRECT_PROMPT_INJECTION]: The skill describes processes for ingesting untrusted data from external supplier feeds (CSV/API). While this presents a theoretical attack surface, the context is strictly data processing for inventory management, and the risk is assessed as low given the standard parsing techniques recommended.
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted services such as Shopify, WooCommerce, Zapier, n8n, and specific dropshipping tools (DSers, Spocket, etc.). These references are informative and functional for the intended use case.
Audit Metadata