keyapi-amazon-ecommerce
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a Node.js utility script to facilitate communication with the vendor's MCP server at mcp.keyapi.ai. All network operations are directed to this specific service endpoint.
- [SAFE]: Secret management is handled according to best practices, utilizing environment variables or a local .env file for the API token. The script includes a setup helper to securely persist this token locally if missing.
- [SAFE]: The skill implements local filesystem access for the sole purpose of caching API responses in a dedicated directory (.keyapi-cache) and maintaining configuration, with no unauthorized access to sensitive system paths.
- [SAFE]: While the skill processes external e-commerce data (product descriptions and reviews) which constitutes an indirect prompt injection surface, it lacks dangerous execution capabilities that could be exploited via this data.
Audit Metadata