Skills
skills/nexscope-ai/ecommerce-skills/ecommerce-advertising/Gen Agent Trust Hub

ecommerce-advertising

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Provides an installation command using npx to add the skill to the environment from the vendor's repository.
  • [DATA_EXFILTRATION]: Performs network operations to fetch data from well-known services including Amazon, Facebook Ads Library, and Reddit for market analysis.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources which constitutes an indirect prompt injection surface.
  • Ingestion points: External data enters through web_fetch and web_search calls in SKILL.md (e.g., retrieving Amazon reviews and competitor site content).
  • Boundary markers: Explicit delimiters or instructions to ignore embedded instructions are absent in the logic.
  • Capability inventory: The skill uses web_search and web_fetch tools; it does not possess capabilities for file modification, network exfiltration of local files, or system command execution.
  • Sanitization: No specific sanitization or filtering logic is defined for the retrieved external content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 08:09 AM