product-description-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses web_fetch and web_search to retrieve product data and competitor information from platform URLs. These operations are essential for the skill's advertised functionality and do not involve unauthorized domains.
- [PROMPT_INJECTION]: The processing of external content via web_fetch introduces an indirect prompt injection surface. While a theoretical risk factor, it is mitigated by the restricted tool capabilities available to the agent.
- Ingestion points: Data from user-provided competitor URLs and search results enters the agent's context during listing generation and optimization workflows.
- Boundary markers: The skill does not define explicit delimiters or instructions to treat external data as untrusted text.
- Capability inventory: The agent's toolset is limited to read-only web operations (search and fetch); it lacks capabilities for arbitrary command execution, file-system modification, or exfiltration to non-whitelisted domains.
- Sanitization: No explicit sanitization or filtering of the fetched web data is specified prior to keyword extraction and analysis.
Audit Metadata