skills/jaygptpro/aivault-amazon-skills/amazon-idq-pro-audit/Snyk

amazon-idq-pro-audit

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.95). The skill calls mcp__brightdata__web_data_amazon_product to fetch live Amazon product pages at runtime and then ingests readable fields like title, features (bullets), product_description (A+ modules), and images into the LLM context—these are outsider-authored listing text from Amazon sellers/brands.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W021

MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 17, 2026, 04:18 PM

Issues

2

Security Audit — snyk — amazon-idq-pro-audit