ecommerce-email-marketing-builder
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to install additional components via
npxfrom the vendor's GitHub repository (nexscope-ai/eCommerce-Skills). This is a standard installation pattern within the vendor's ecosystem. - [PROMPT_INJECTION]: The skill ingests user-provided data, including brand details and competitor URLs, to tailor its output. While this represents a surface for indirect prompt injection, the risk is mitigated as the skill lacks high-privilege capabilities such as automated web crawling, file-system writes, or network requests that could be exploited by malicious data.
- [COMMAND_EXECUTION]: No unauthorized or suspicious command execution patterns were identified. The skill's logic is focused on text generation and workflow planning.
- [DATA_EXFILTRATION]: There are no patterns suggesting the unauthorized collection or transmission of sensitive data. Mentions of external platforms like Klaviyo or Omnisend are used solely for generating platform-specific setup instructions.
Audit Metadata