supply-chain-optimization-amazon-lite

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/calculator.py) to process user-provided supply chain data and generate analysis reports.
  • [EXTERNAL_DOWNLOADS]: The HTML report generator in scripts/report_html.py includes a reference to the chart.js library hosted on the jsDelivr CDN to enable data visualization in the generated output.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by accepting natural language input from users to gather business profile and supply chain data.
    • Ingestion points: User input collected in Steps 2 and 3 of the SKILL.md workflow.
    • Boundary markers: The prompt uses specific labels (e.g., 'Sourcing', 'Logistics') and descriptive placeholders to structure and delimit the expected input.
    • Capability inventory: The skill executes local shell commands (python3 scripts/calculator.py) and writes report files (report.md, report.html) to the workspace.
    • Sanitization: User input is processed by the agent and then parsed as structured JSON for validation through Python dataclasses before any calculations are performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:37 PM