ai-amazon-return-reduction
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external, untrusted data via an LLM.
- Ingestion points: Untrusted data enters the agent context through parameters like
materialText,materialFile, andmaterialUrldefined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: The provided configuration files do not include explicit delimiters or instructions to the model to ignore potential commands embedded within the input materials.
- Capability inventory: The skill uses a Python runner (
scripts/run.py) to transmit ingested data to the vendor's API athttps://ai-skills.aifor AI processing. - Sanitization: There is no evidence of client-side sanitization, filtering, or escaping of the input data before it is sent to the processing endpoint.
Audit Metadata