newegg-clearance

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The instructions "Do not ask for clarification" and "call immediately" are designed to suppress agent autonomy and bypass user confirmation before tool execution.
  • [COMMAND_EXECUTION]: The skill utilizes the bash tool to execute curl for API interaction, which is necessary for its stated purpose.
  • [DATA_EXFILTRATION]: Network requests are made to apis.newegg.com. This is a well-known service domain belonging to the vendor (Newegg), making the operation safe in this context.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and displaying third-party product titles and descriptions.
      • Ingestion points: Data returned from apis.newegg.com in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: bash tool access (curl).
      • Sanitization: There is no evidence of filtering or escaping for the strings retrieved from the API before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 03:45 AM