amazon-keyword-research

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/research.sh is vulnerable to command injection through the $KEYWORD and ${SEARCH_TERM} variables. These shell variables are interpolated directly into a python3 -c command string within single quotes. A crafted input containing a single quote (e.g., ') + __import__('os').system('whoami') + (') can escape the intended Python string literal and execute arbitrary Python or system commands.
  • [REMOTE_CODE_EXECUTION]: Due to the command injection vulnerability in the research script, an attacker can achieve remote code execution by providing a malicious keyword. This bypasses the intended functionality of the skill and allows execution of unauthorized commands in the agent's runtime environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 04:21 AM
Security Audit — agent-trust-hub — amazon-keyword-research