Skills
skills/saleor/configurator/data-importer/Gen Agent Trust Hub

data-importer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use python3 -c to perform on-the-fly Excel-to-CSV conversion and uses shell pipelines with sed, tr, unzip, and iconv for data cleaning and transformation.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @saleor/configurator CLI tool, which is a vendor-owned resource.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary purpose is to process untrusted external data (CSV, Excel, Shopify exports).
  • Ingestion points: Reads headers and sample data from external files (references/csv-patterns.md, references/shopify-format.md).
  • Boundary markers: The skill lacks explicit instructions to the agent to disregard potential instructions embedded within the source data fields.
  • Capability inventory: The agent has access to the Bash tool and file system via Read, Write, and Edit tools.
  • Sanitization: While the skill performs data transformation (slug generation, price parsing), it does not explicitly sanitize the content to prevent instructions in the data from influencing the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 02:26 PM