review-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses system commands such as mkdir to create directory structures for reports and cp to manage temporary data files.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes curl to communicate with the external API endpoint mcp.sorftime.com to retrieve product details and review data. This is part of its core functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks.
      • Ingestion points: Untrusted data enters the agent context via Amazon product reviews fetched from the Sorftime API and stored in raw_reviews_sse.txt.
      • Boundary markers: None. The skill does not instruct the agent to use delimiters or ignore potential instructions embedded within the review text.
      • Capability inventory: The agent has the ability to read and write files and execute shell commands via the Bash, Read, and Write tools.
      • Sanitization: There is no evidence of filtering, escaping, or validation of the external review content before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 10:55 AM