olive-young-search
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute code directly from the NPM registry using the
npx --yes daisocommand. This bypasses interactive confirmation and runs a third-party package from an unverified source. - [REMOTE_CODE_EXECUTION]: The fallback workflow involves cloning a third-party GitHub repository (
hmmhmmhm/daiso-mcp), installing its dependencies, and building/executing the binary. This results in the execution of unverified external code on the local system. - [COMMAND_EXECUTION]: The skill makes extensive use of shell commands including
npx,npm,git, andnodeto manage, build, and run external software dependencies. - [EXTERNAL_DOWNLOADS]: Dependencies and source code are fetched from the NPM registry and GitHub during the skill's normal operation.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data such as store names and product information retrieved from external endpoints via a CLI tool.
- Ingestion points: External data enters the context via the standard output of the
daisoCLI tool in JSON format. - Boundary markers: There are no specific delimiters or warnings used to prevent the agent from following instructions that might be embedded in the retrieved product or store metadata.
- Capability inventory: The skill has the capability to execute shell commands (
npx,npm,node,git) which could be exploited if malicious data influences agent behavior. - Sanitization: No validation or filtering is performed on the data retrieved from the external API before it is presented to the agent for summarization.
Recommendations
- AI detected serious security threats
Audit Metadata