ai-amazon-vine-program

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access to sensitive local credentials or files were identified in the skill instructions or scripts.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's official backend at https://ai-skills.ai. This is documented behavior for this vendor and aligns with the skill's stated purpose.
  • [COMMAND_EXECUTION]: Includes a utility script scripts/run.py that serves as a standard wrapper for API interaction. It uses environment variables for configuration and handles network communication via urllib.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from URLs, uploaded files, and pasted text.
  • Ingestion points: Parameters materialUrl, materialFile, and materialText defined in SKILL.md and form-schema.json.
  • Boundary markers: None identified in the provided files to segregate untrusted content.
  • Capability inventory: Network execution via the Python runner to the vendor's API.
  • Sanitization: Standard parameter handling is present, though explicit prompt sanitization logic is not visible in the local scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-amazon-vine-program