product-recommendation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill configuration instructs the agent to run npx -y @shopme/product-recommendation-mcp, which downloads the package from the npm registry at runtime, on every launch.
  - Evidence: found in the MCP Server Setup section: "args": ["-y", "@shopme/product-recommendation-mcp"].
- [REMOTE_CODE_EXECUTION] (HIGH): Running npx -y on a package from an unverified organization (@shopme) executes whatever code that package ships, with the privileges of the user running the agent, on the host machine. No version is pinned and no hash is verified, so a compromised or malicious release published by the package author is fetched and executed on the next run (supply chain attack).
- [INDIRECT_PROMPT_INJECTION] (LOW): The recommend_alternatives tool passes user-controlled product names and preferences to an LLM.
  - Ingestion points: recommend_alternatives inputs (name, category, preferences).
  - Boundary markers: absent; the agent is given no instruction to ignore instructions embedded in the product data.
  - Capability inventory: network access via the Gemini API.
  - Sanitization: absent; the skill specifies no sanitization or validation of product strings before they are processed.
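The two HIGH findings come down to one configuration property: a package spec handed to npx -y with no exact version. The scanner below, an added example that is not Gen Agent Trust Hub's tooling or the skill's own code, walks an MCP server configuration and reports every server that installs from the registry at launch, distinguishing unpinned specs from exact versions. The sample configuration is constructed: the first entry reproduces the args quoted in the audit, while the pinned variant and its version 1.2.3 are assumptions for illustration.

```python
import json
import re

# Constructed sample config. The first server is the one the audit quotes;
# the second is a hypothetical pinned variant (version 1.2.3 is an assumption);
# the third runs a local file and involves no runtime download.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "product-recommendation": {
      "command": "npx",
      "args": ["-y", "@shopme/product-recommendation-mcp"]
    },
    "product-recommendation-pinned": {
      "command": "npx",
      "args": ["-y", "@shopme/product-recommendation-mcp@1.2.3"]
    },
    "local-tool": {
      "command": "node",
      "args": ["./server.js"]
    }
  }
}
""")

# Commands that resolve and install a package from the registry at run time.
RUNTIME_INSTALLERS = {"npx", "pnpx", "bunx"}

# "name" or "@scope/name", optionally followed by "@<spec>" (version, range or dist-tag).
_PKG_RE = re.compile(r"^(?P<name>(?:@[^/@\s]+/)?[^/@\s]+)(?:@(?P<spec>\S+))?$")
# Only an exact semver (optionally with pre-release/build suffix) counts as pinned;
# ranges such as ^1.2.3 and dist-tags such as latest still float.
_EXACT_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def scan_mcp_config(config: dict) -> list[dict]:
    """Return one finding per server whose command fetches its package at launch."""
    findings = []
    for server_name, server in config.get("mcpServers", {}).items():
        if server.get("command") not in RUNTIME_INSTALLERS:
            continue
        args = server.get("args", [])
        # First non-flag argument is the package spec (flags such as -y precede it).
        pkg_arg = next((a for a in args if not a.startswith("-")), None)
        if pkg_arg is None:
            continue
        match = _PKG_RE.match(pkg_arg)
        if match is None:
            continue
        spec = match.group("spec")
        pinned = bool(spec and _EXACT_RE.match(spec))
        findings.append({
            "server": server_name,
            "package": match.group("name"),
            "spec": spec or "latest",          # npx resolves a bare name to the latest tag
            "pinned": pinned,
            "auto_install": "-y" in args or "--yes" in args,
            # Unpinned: any future publish runs on the next launch -> HIGH.
            # Pinned: silent updates are stopped, but the code is still downloaded
            # from the registry at run time and no integrity hash is checked -> MEDIUM.
            "severity": "HIGH" if not pinned else "MEDIUM",
        })
    return findings


if __name__ == "__main__":
    for f in scan_mcp_config(SAMPLE_CONFIG):
        print(f"[{f['severity']}] {f['server']}: {f['package']}@{f['spec']} "
              f"pinned={f['pinned']} auto_install={f['auto_install']}")
```

Pinning an exact version removes the "next publish runs on the host" path but not the runtime download itself; dropping below MEDIUM means installing the package ahead of time from a lockfile (or vendoring it) and pointing the server entry at the local install instead of npx.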
Recommendations
- AI detected serious security threats (see the two HIGH findings above).
Audit Metadata