ai-amazon-repricing-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze untrusted external content. * Ingestion points: Data enters the agent context through the materialText, materialFile (binary upload), and materialUrl (URI) fields defined in references/form-schema.json. * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's internal logic or scripts. * Capability inventory: The skill uses scripts/run.py to perform network requests (urllib.request) that send data to the vendor's API at https://ai-skills.ai. * Sanitization: No sanitization or validation of the content from URLs or files is performed before it is passed to the processing logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-amazon-repricing-strategy