ai-amazon-vine-program
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access to sensitive local credentials or files were identified in the skill instructions or scripts.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's official backend at
https://ai-skills.ai. This is documented behavior for this vendor and aligns with the skill's stated purpose. - [COMMAND_EXECUTION]: Includes a utility script
scripts/run.pythat serves as a standard wrapper for API interaction. It uses environment variables for configuration and handles network communication viaurllib. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from URLs, uploaded files, and pasted text.
- Ingestion points: Parameters
materialUrl,materialFile, andmaterialTextdefined inSKILL.mdandform-schema.json. - Boundary markers: None identified in the provided files to segregate untrusted content.
- Capability inventory: Network execution via the Python runner to the vendor's API.
- Sanitization: Standard parameter handling is present, though explicit prompt sanitization logic is not visible in the local scripts.
Audit Metadata