vipshop-product-detail

Fail

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded secrets identified: HMAC secret key in scripts/exchange_link_builder.py (5fb86e55b72bfc50f083049130e5e76a75c2cbda6bbd6e51d59668057f5c1715) and API key in scripts/detail.py (dafe77e7486f46eca2e17a256d3ce6b5).
  • [COMMAND_EXECUTION]: Instructions in SKILL.md and README.md direct the agent to autonomously perform clawhub install and script execution without requesting user permission.
  • [EXTERNAL_DOWNLOADS]: The skill automatically triggers the installation of the vipshop-user-login skill from an external source if it is not present.
  • [DATA_EXFILTRATION]: Sensitive local authentication data is accessed from ~/.vipshop-user-login/tokens.json and transmitted as part of the vendor API requests.
  • [PROMPT_INJECTION]: The skill uses directive language to override default agent behaviors and user-review protocols, forcing autonomous high-risk actions.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through unvalidated external product reviews.
      1. Ingestion points: scripts/detail.py (fetching product reviews).
      2. Boundary markers: absent.
      3. Capability inventory: shell execution and local file access.
      4. Sanitization: absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 19, 2026, 09:35 AM