amazon-search
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions provide commands to extract API keys from a sensitive local file path at
~/.gooseworks/credentials.json. Accessing credential files is a high-risk operation that can lead to local data exposure. - [EXTERNAL_DOWNLOADS]: The documentation suggests running
npx gooseworks login, which downloads and executes thegooseworkspackage from the npm registry. This involves executing unversioned code from an external repository at runtime. - [COMMAND_EXECUTION]: The skill utilizes shell commands (
python3 -c) to parse local JSON configuration andcurlto transmit data to external APIs. While functional, these operations rely on the agent's ability to execute arbitrary commands, which is a significant capability. - [PROMPT_INJECTION]: The skill processes untrusted external content from Amazon search results, creating an attack surface for indirect prompt injection.
- Ingestion points: Untrusted product data (titles, descriptions, delivery info) enters the agent's context through the
organic_resultsarray returned by the API. - Boundary markers: The prompt instructions do not include clear delimiters or safety warnings to help the agent distinguish between its core instructions and the external data being processed.
- Capability inventory: The skill has access to network tools (
curl) and shell execution (python3), which could be misused if a malicious instruction from a product listing is executed by the agent. - Sanitization: The skill does not define any sanitization or validation steps for the Amazon content before it is processed by the model.
Audit Metadata