The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to use the curl utility for downloading product images to a local subdirectory and the open command to launch the final generated landing page in a browser.
[EXTERNAL_DOWNLOADS]: Downloads product assets from Amazon's official image hosting infrastructure (e.g., media-amazon.com). These downloads are necessary for the skill's primary function and target a well-known service.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external product pages and incorporates it into generated HTML and JavaScript code.
Ingestion points: Scrapes product titles, features, and customer reviews from user-supplied Amazon URLs via Chrome MCP in SKILL.md (Phase 2).
Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the scraped content as data rather than instructions.
Capability inventory: The skill possesses the ability to execute shell commands (curl, open) and generate local files that are subsequently executed in a browser context.
Sanitization: The instructions ask the agent to 'rewrite' titles and features for marketing purposes, which may provide incidental sanitization, but no technical escaping or validation of the scraped data is enforced before inclusion in the final output.

amazon-landing-page