Skills
skills/liangdabiao/amazon-sorftime-research-mcp-skill/category-selection/Gen Agent Trust Hub

category-selection

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes product titles, brand names, and descriptions from the Sorftime API to generate reports.
  • Ingestion points: API responses from category_report and product_detail tools processed in workflow.py and analyze_category.py.
  • Boundary markers: No explicit delimiters or instructions are used to separate external data from system instructions in the generated Markdown or HTML reports.
  • Capability inventory: The skill can execute shell commands via subprocess (used for API calls) and has full file system write access for report generation.
  • Sanitization: Scripts such as sse_decoder.py perform basic cleaning of control characters and encoding fixes, but do not sanitize for prompt injection content.
  • [COMMAND_EXECUTION]: The workflow.py script executes system commands using subprocess.run to call curl. While this is used for legitimate API communication, it represents a capability that could be targeted, although it is implemented safely using argument lists rather than shell strings.
  • [EXTERNAL_DOWNLOADS]: The dashboard_template.html file references the ECharts library from the JSDelivr CDN (cdn.jsdelivr.net), which is a well-known and trusted service for front-end assets.
  • [CREDENTIALS_UNSAFE]: The skill is designed to retrieve a Sorftime API key from the local environment or a .mcp.json file. This is a primary function of the skill and is documented for user configuration, but involves handling sensitive authentication tokens.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 03:48 AM