amazon-buy-box

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes content from external Amazon product pages via the web_fetch tool. This creates a surface where external content (e.g., product descriptions) could theoretically contain instructions intended to influence the AI. However, the skill's functionality is limited to generating analytical reports and advice, and it does not possess capabilities to execute code, modify the file system, or perform unauthorized network operations.
  • Ingestion points: External Amazon product page data fetched via web_fetch tool.
  • Boundary markers: None explicitly defined in the prompt instructions.
  • Capability inventory: Analytical reasoning and output generation only. No dangerous capabilities (e.g., shell execution, file writing) are requested or utilized.
  • Sanitization: Relies on the underlying platform's default handling of tool outputs.
  • [DATA_EXPOSURE]: The skill requests business metrics such as Order Defect Rate (ODR) and cancellation rates from the user to perform its analysis. This is a legitimate functional requirement for the stated purpose of Buy Box optimization and is handled within the conversational context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:21 AM
Security Audit — agent-trust-hub — amazon-buy-box