ecom
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local analytical engine (~/.claude/skills/ecom/bin/ecom). This execution is used solely for computing metrics from input data and is restricted to the skill's internal directory.
- [PROMPT_INJECTION]: The skill processes user-supplied CSV data, which constitutes a potential surface for indirect prompt injection. This risk is mitigated by comprehensive instructions that direct the AI model to rely exclusively on the structured JSON output provided by the analysis engine and explicitly forbid the use of external sources or data invention.
Audit Metadata