ai-amazon-repricing-strategy

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
references/skill.json

No direct evidence of malware is present in this fragment because it is configuration/manifest-only. The main security concern is supply-chain governance: the skill relies on an external capability import marked with “unknown_pending_verification” and has no visible human-review gate, plus it forwards untrusted user inputs to an execution endpoint and supports file/link inputs, all of which depend on unseen backend validation, sandboxing, and safe handling to prevent data leakage or unsafe actions. Recommend verifying the imported capability integrity/provenance (pinning, checksums/signatures, license verification), and auditing /api/execute for safe input parsing, URL handling, logging hygiene, and egress controls.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 03:31 AM
Package URL
pkg:socket/skills-sh/allinherog-star%2Fai-skills%2Fai-amazon-repricing-strategy%2F@f9e9eba7fd29a71d4d13df387a84ee0baf644fe7b01292ef9f18734b23f0381f
Security Audit — socket — ai-amazon-repricing-strategy