amazon-alexa-qa

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local Python scripts (check-alexa-panel.py, inject-question.py, extract-response.py) to generate JavaScript code for browser automation. These scripts are transparent, self-contained, and do not perform unauthorized system operations.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. The skill interacts exclusively with the official Amazon domain to facilitate shopping assistant queries, and data extraction is limited to the AI's responses.
  • [SAFE]: The skill follows security best practices by using json.dumps() in inject-question.py to encode the user-provided question text as a JSON string literal before it is interpolated into the JavaScript that runs in the browser. The question is therefore treated as data rather than code, which prevents potential script injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill instructions and metadata do not contain any patterns typical of prompt injection or attempts to override the agent's core safety guidelines.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 04:38 AM