mercadolivre-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill includes a dedicated cookies command that utilizes the browser-cookie3 library to access local browser profiles (Chrome, Firefox, Brave, Edge, etc.) and extract session cookies. This behavior targets sensitive authentication tokens, which could lead to account takeover if the agent is compromised.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) by processing untrusted third-party data.
      • Ingestion points: The scripts/mercadolivre.py script fetches product descriptions, reviews, and seller data directly from mercadolivre.com.br.
      • Boundary markers: Absent. The skill does not implement delimiters or warnings to the agent to ignore instructions embedded within the scraped product data.
      • Capability inventory: The skill utilizes Bash(python:*) and returns parsed JSON to the agent. If the agent uses this data to make decisions or further executes scripts based on the fetched content, it may be manipulated by malicious sellers.
      • Sanitization: Absent. The skill parses raw HTML into strings without filtering for instruction-like patterns.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on browser automation (playwright and camoufox), which executes JavaScript within the context of the remote marketplace, posing a risk if the site serves malicious scripts or if the automation is misconfigured.
  • [EXTERNAL_DOWNLOADS] (LOW): The setup instructions involve downloading browser binaries via python -m camoufox fetch from external sources. While required for functionality, this represents an external dependency outside of standard package managers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:48 AM