product-description-generator
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the npx skills command to install specialized toolsets from the author's GitHub repositories, specifically nexscope-ai/eCommerce-Skills and nexscope-ai/Amazon-Skills. These are vendor-owned resources and are documented neutrally as standard installation procedures for this skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from external websites like product pages and search results.
- Ingestion points: Competitor product URLs and web search results are ingested via web_fetch and web_search as described in SKILL.md.
- Boundary markers: The skill logic lacks explicit delimiters or instructions to the agent to disregard any embedded prompts or instructions contained within the fetched external data.
- Capability inventory: The skill uses web_fetch and web_search capabilities to perform keyword research and competitor analysis in SKILL.md.
- Sanitization: No security-specific sanitization or filtering of external text is performed to prevent malicious instructions from influencing agent behavior.
Audit Metadata