amazon-deal-finder

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  • Ingestion points: The skill retrieves promotional data from external web sources using the web_fetch tool and processes user-provided product descriptions and sales metrics (SKILL.md, Step 1 and Data Sources section).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing retrieved web content or user input.
  • Capability inventory: The skill's capabilities are limited to analytical data processing and text generation. No high-risk capabilities such as arbitrary command execution, file system write access, or non-whitelisted network operations were detected.
  • Sanitization: There is no evidence of sanitization or validation of the data ingested from external sources or user messages before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:21 AM
Security Audit — agent-trust-hub — amazon-deal-finder