skill-amazon-ads
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting and processing external data from the Amazon Ads API.
- Ingestion points: Data such as campaign names, states, and profile information are retrieved via API calls in
scripts/ads.jsand output to the agent's context. - Boundary markers: No specific delimiters or instructional guardrails are used to separate the external API data from the agent's core instructions.
- Capability inventory: The skill's scripts have the ability to read and write local files for configuration and output but do not perform arbitrary command execution or access sensitive system directories.
- Sanitization: Data retrieved from the API is not sanitized or validated for malicious instructions before being presented to the agent.
Audit Metadata