kdp-keyword-optimizer

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script (keyword_volume.py) located at a hardcoded absolute path (/Users/charliedeist/Desktop/New Root Docs/Creative Intelligence Agency/skill-stack/amazon-publishing-optimization/data-layer). Executing scripts from fixed local paths can be risky if the environment is shared or if the script is manipulated.
  • [PROMPT_INJECTION]: The skill ingests untrusted data in the form of book descriptions to extract themes and keywords (SKILL.md, Step 1). It lacks boundary markers or instructions to sanitize this input, making it vulnerable to indirect prompt injection where instructions embedded in the book text could influence agent behavior.
  • Ingestion points: User-provided book descriptions and content referenced in Step 1 of SKILL.md.
  • Boundary markers: None identified; there are no delimiters or 'ignore' instructions for the processed data.
  • Capability inventory: Execution of a local Python script (keyword_volume.py) which interacts with an external API.
  • Sanitization: No escaping or validation of external content is specified before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 05:22 PM
Security Audit — agent-trust-hub — kdp-keyword-optimizer