amazon-keyword-research
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/research.shis vulnerable to command injection through the$KEYWORDand${SEARCH_TERM}variables. These shell variables are interpolated directly into apython3 -ccommand string within single quotes. A crafted input containing a single quote (e.g.,') + __import__('os').system('whoami') + (') can escape the intended Python string literal and execute arbitrary Python or system commands. - [REMOTE_CODE_EXECUTION]: Due to the command injection vulnerability in the research script, an attacker can achieve remote code execution by providing a malicious keyword. This bypasses the intended functionality of the skill and allows execution of unauthorized commands in the agent's runtime environment.
Recommendations
- AI detected serious security threats
Audit Metadata