visual-product-search
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on an external Node.js package (@shopme/visual-product-search-mcp) executed via npx. This package is not from a trusted organization listed in the security policy, posing a risk of executing unverified code from the public npm registry.
- COMMAND_EXECUTION (LOW): The recommended MCP configuration uses npx, which downloads and executes the latest version of the specified tool at runtime. While standard for many tools, it bypasses static version pinning and local audits.
- PROMPT_INJECTION (LOW): (Category 8 - Indirect Prompt Injection) The extract_product_from_image tool processes external image URLs to extract product names and detected text. This represents an attack surface where malicious text embedded in images could influence the agent's behavior.
  - Ingestion points: imageUrl in the extract_product_from_image and search_by_image tools.
  - Boundary markers: Absent. The skill does not instruct the agent to ignore instructions found within the processed images.
  - Capability inventory: The skill returns structured text data which influences the agent's downstream reasoning and search parameters.
  - Sanitization: None mentioned; the AI vision model's output is passed directly to the agent context.
- CREDENTIALS_UNSAFE (LOW): The skill requires five distinct API secrets (Taobao App Secret/Token, AliExpress DS Secret, Gemini API Key). While the skill doesn't hardcode them, the accumulation of high-value credentials in an unverified tool increases the risk of exfiltration if the MCP server is compromised.
Audit Metadata