Skills
skills/williampenrose/myskills/app-reviews/Gen Agent Trust Hub

app-reviews

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes untrusted user-generated content (app reviews) fetched from external app stores. Malicious instructions embedded in a review could potentially influence the agent's behavior during analysis.
  • Ingestion points: Review content is ingested via fetch.mjs from Google Play and Apple App Store APIs.
  • Boundary markers: The filtered reviews are emitted as a structured JSON array from evaluate.mjs.
  • Capability inventory: The skill includes scripts for network access (fetch.mjs), local SQLite database operations (_lib/db.mjs), and file system access (_lib/paths.mjs).
  • Sanitization: The review content is formatted as JSON but is not sanitized for potential prompt injection patterns.
  • [COMMAND_EXECUTION]: The scripts/_lib/proxy.mjs file performs dynamic command execution by re-executing the current script. It uses node:child_process.spawnSync to restart the process with an environment variable (NODE_USE_ENV_PROXY=1) if a proxy is detected. While it uses process.execPath and the existing command-line arguments, this pattern involves spawning new processes based on runtime state.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from official Google Play (play.google.com) and Apple App Store (apps.apple.com) endpoints. These are well-known services, and the network operations are limited to the skill's stated purpose of retrieving app reviews.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 03:53 AM