track-and-trace

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data such as shipment notes and product contents within the ShipmentTrackingSystem and ProductTraceabilitySystem classes, which creates a surface for indirect prompt injection.
    • Ingestion points: shipment_id, notes, contents, and lot_id fields in SKILL.md.
    • Boundary markers: The code lacks delimiters or instructions to ignore embedded commands in the processed data.
    • Capability inventory: The skill uses pandas and numpy for data processing and references capabilities for network communication (requests, paramiko), database access (sqlalchemy), and blockchain interaction (web3.py).
    • Sanitization: No input validation or sanitization is implemented for the data entered into the tracking systems.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 08:19 PM