amazon-alexa-qa
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (
check-alexa-panel.py,inject-question.py,extract-response.py) to generate JavaScript code for browser automation. These scripts are transparent, self-contained, and do not perform unauthorized system operations. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. The skill interacts exclusively with the official Amazon domain to facilitate shopping assistant queries, and data extraction is limited to the AI's responses.
- [SAFE]: The skill follows security best practices by using
json.dumps()ininject-question.pyto sanitize user-provided question text before it is interpolated into a JavaScript string for execution in the browser. This prevents potential script injection vulnerabilities. - [PROMPT_INJECTION]: The skill instructions and metadata do not contain any patterns typical of prompt injection or attempts to override the agent's core safety guidelines.
Audit Metadata