brand-monitoring
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installation instructions reference a package from the author's official repository (nexscope-ai/eCommerce-Skills). This is documented as a standard installation procedure for the vendor's toolset.
- [DATA_EXFILTRATION]: The scraping logic in scripts/scrapers.py targets well-known services including Reddit, Google News, and DuckDuckGo. These network operations are essential for brand monitoring and do not involve unauthorized access to or exfiltration of sensitive local data or credentials.
- [PROMPT_INJECTION]: The skill ingests untrusted content from social media platforms through ingestion points in scripts/scrapers.py. While no explicit boundary markers are present to delimit this content, the risk of indirect prompt injection is limited because the skill lacks high-privilege capabilities such as arbitrary code execution or file system writing. Additionally, the content is truncated to 500 characters in scripts/scrapers.py, which provides a basic level of sanitization.
Audit Metadata