amazon-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch Amazon product data (e.g., /api/amazon/product, /api/amazon/product/reviews, /api/amazon/product/offers, /api/amazon/search) from the Canopy API which returns public Amazon content including user-generated reviews, seller posts, and listings that the agent would read and could materially influence actions—so it exposes the agent to untrusted third-party content that could enable indirect prompt injection.