ai-amazon-rank-tracker
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill defines inputs for external data including 'materialUrl' (web links) and 'materialFile' (various document formats) in SKILL.md and references/form-schema.json. This untrusted content is processed by the agent without the use of instruction delimiters or explicit 'ignore embedded instructions' warnings. * Ingestion points: materialUrl and materialFile parameters defined in SKILL.md and references/form-schema.json. * Boundary markers: Absent from the skill instructions. * Capability inventory: The scripts/run.py file contains logic for performing network API requests to ai-skills.ai. * Sanitization: No evidence of escaping or sanitizing external content was found in the provided skill components.
- [EXTERNAL_DOWNLOADS]: External Domain References. The skill metadata and documentation reference external domains including skills.sh and github.com/allinherog-star for catalog tracking and source code management.
Audit Metadata