maishou
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves and displays product names and descriptions from external platforms such as Taobao, JD.com, and others. Evidence:
  1. Ingestion points: Data from third-party e-commerce platforms is processed by scripts/main.py and presented to the agent.
  2. Boundary markers: The skill definition lacks delimiters or instructions to ignore instructions embedded within the product data.
  3. Capability inventory: The agent can execute shell commands via uv run.
  4. Sanitization: The sanitization logic within scripts/main.py cannot be evaluated because the script is not included in the provided files.
- COMMAND_EXECUTION (SAFE): The skill uses uv run to execute a local Python script for its primary tasks. While it uses shell command templates with interpolated keywords, this is the intended primary purpose of the skill, and no explicit malicious command injection or persistence patterns were detected in the provided metadata.
Audit Metadata