amazon-buy-box
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes content from external Amazon product pages via the
web_fetchtool. This creates a surface where external content (e.g., product descriptions) could theoretically contain instructions intended to influence the AI. However, the skill's functionality is limited to generating analytical reports and advice, and it does not possess capabilities to execute code, modify the file system, or perform unauthorized network operations. - Ingestion points: External Amazon product page data fetched via
web_fetchtool. - Boundary markers: None explicitly defined in the prompt instructions.
- Capability inventory: Analytical reasoning and output generation only. No dangerous capabilities (e.g., shell execution, file writing) are requested or utilized.
- Sanitization: Relies on the underlying platform's default handling of tool outputs.
- [DATA_EXPOSURE]: The skill requests business metrics such as Order Defect Rate (ODR) and cancellation rates from the user to perform its analysis. This is a legitimate functional requirement for the stated purpose of Buy Box optimization and is handled within the conversational context.
Audit Metadata