amazon-search
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a local credential file at
~/.gooseworks/credentials.jsonto retrieve API keys. This is a standard configuration pattern for skills within the Gooseworks platform to authenticate with the vendor's API. - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using
python3 -candcurlto parse configuration files and perform network requests to the vendor's API endpoints. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data from Amazon search results (product titles, descriptions, and reviews). If an attacker controls the content of an Amazon listing, they could potentially embed instructions aimed at influencing the agent's behavior.
- Ingestion points: Amazon search results processed from the
organic_resultsarray. - Boundary markers: None present in the instructions to delimit external data from agent commands.
- Capability inventory: The skill has the capability to perform network requests via
curland execute local shell commands. - Sanitization: No specific sanitization or validation of the product data is described in the skill instructions.
Audit Metadata