amazon-search

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions provide commands to extract API keys from a sensitive local file path at ~/.gooseworks/credentials.json. Accessing credential files is a high-risk operation that can lead to local data exposure.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests running npx gooseworks login, which downloads and executes the gooseworks package from the npm registry. This involves executing unversioned code from an external repository at runtime.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (python3 -c) to parse local JSON configuration and curl to transmit data to external APIs. While functional, these operations rely on the agent's ability to execute arbitrary commands, which is a significant capability.
  • [PROMPT_INJECTION]: The skill processes untrusted external content from Amazon search results, creating an attack surface for indirect prompt injection.
  • Ingestion points: Untrusted product data (titles, descriptions, delivery info) enters the agent's context through the organic_results array returned by the API.
  • Boundary markers: The prompt instructions do not include clear delimiters or safety warnings to help the agent distinguish between its core instructions and the external data being processed.
  • Capability inventory: The skill has access to network tools (curl) and shell execution (python3), which could be misused if a malicious instruction from a product listing is executed by the agent.
  • Sanitization: The skill does not define any sanitization or validation steps for the Amazon content before it is processed by the model.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — amazon-search