amz-ai-search-optimization

Fail

Audited by Snyk on May 27, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires "Collect inputs" and "Mine the listing's own reviews and competitor reviews" and to "Plan for external content" (off-Amazon), which means the agent is expected to fetch and interpret user-generated public reviews and external web content that could materially influence listing-rewrite decisions—exposing it to untrusted third-party content.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the full prompt for literal, high-entropy credentials. No API keys, private/PEM keys, or password-like strings appear. However, the WhatsApp invite URL at the end (https://chat.whatsapp.com/ILX65p1yWcaIG3c9WGHpTY) contains a random-looking token that directly grants access to a private group. That token is a literal access token (high-entropy string) embedded in the doc and therefore qualifies as a secret under the definition. All other items (skill names, environment variable names, example phrases, short/simple passwords or placeholders) are documentation or examples and were ignored per the rules.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 27, 2026, 02:07 AM
  • Issues: 2