product-categorization
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an AI-assisted categorization workflow that ingests product metadata which may originate from untrusted external sources.
- Ingestion points: Product titles and descriptions are processed by the suggestCategories function (referenced in SKILL.md and defined in lib/autoCategorize.js).
- Boundary markers: Code and prompts lack explicit delimiters or "ignore instructions" warnings for the processed product data.
- Capability inventory: The skill uses database updates (db.categories.update in SKILL.md) to apply categorization results based on LLM suggestions.
- Sanitization: No content sanitization or validation logic is present to filter instructional or adversarial text from product fields before inclusion in the LLM prompt.
Audit Metadata