ali1688-sourcing

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill ingests untrusted data from 1688.com which is subsequently processed by the agent.
      • Ingestion points: The scripts/scrape_1688.py script fetches product titles, factory names, and specifications from external 1688.com web pages.
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore instructions embedded in the scraped content.
      • Capability inventory: The scraped data is used to generate sourcing instructions, pricing calculations, and quality checklists.
      • Sanitization: No specific sanitization or text filtering is performed on the data retrieved from the web before being processed by the agent.
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/scrape_1688.py) for data extraction and a shell script (scripts/setup.sh) for installing environment dependencies.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script installs the requests and beautifulsoup4 packages from the official Python Package Index (PyPI). These are well-known and standard libraries for web scraping.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 07:57 PM