vipshop-product-search
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains hardcoded application keys and secrets used for request signing and authentication. Evidence found in "scripts/exchange_link_builder.py" (HMAC secret) and "scripts/search.py" (API key).
- [DATA_EXFILTRATION]: The skill reads session tokens from "~/.vipshop-user-login/tokens.json" and transmits them to the vendor domain "mapi-pc.vip.com" to perform authenticated searches. While this is functional for the skill's purpose, it involves the transmission of sensitive user session data.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute local Python scripts ("scripts/search.py") and perform cross-skill interactions by running scripts from the "vipshop-user-login" skill.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to install an additional skill ("vipshop-user-login") from the platform's repository if it is not already present.
- [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection as the skill processes and displays product data (titles and marketing sell-tips) fetched from an external API.
  - Ingestion points: Product data fetched from "mapi-pc.vip.com" via "scripts/search.py".
  - Boundary markers: None identified in the output templates to segregate untrusted API content from agent instructions.
  - Capability inventory: File system access, network operations, and local script execution.
  - Sanitization: Standard JSON parsing is used; no specific filtering for instruction-like patterns within the retrieved product text is implemented.
Audit Metadata