ecommerce-content-marketing
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection.
- Ingestion points: The skill retrieves content from Amazon reviews, Reddit, Trustpilot, and social media platforms using web search and fetching (SKILL.md).
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the retrieved data.
- Capability inventory: The agent is limited to research and text generation and cannot perform high-risk actions like system file modification.
- Sanitization: Fetched data is processed without explicit sanitization or validation.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes an installation command that downloads components from a GitHub repository (SKILL.md). This targets the author's repository on a well-known hosting platform.
- [COMMAND_EXECUTION]: The skill provides a terminal command for users to perform a global installation of the tool (SKILL.md).
Audit Metadata