israeli-grocery-price-intelligence

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, persistence mechanisms, or unauthorized privilege escalations were detected. The skill's operations are consistent with its stated purpose of supermarket price intelligence.
  • [EXTERNAL_DOWNLOADS]: The skill fetches mandatory price transparency data from established platforms including Shufersal Direct, Carrefour Israel, Cerberus (publishedprices.co.il), and Nibit (matrixcatalog.co.il). It also recommends installing a helper MCP server from the author's GitHub repository.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted item metadata (names and descriptions) from external supermarket feeds. Ingestion point: WebFetch operations in SKILL.md. Boundary markers: Absent. Capability inventory: Bash and Python execution for parsing XML data. Sanitization: The script uses standard XML parsing but does not filter or sanitize item strings before they enter the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:59 AM