amazon-listing-optimization

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a local bash script at scripts/fetch-listing.sh that uses curl, grep, and sed to parse product data from Amazon.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external Amazon listings, which introduces a surface for indirect prompt injection. 1. Ingestion points: scripts/fetch-listing.sh fetches HTML content from Amazon URLs. 2. Boundary markers: Absent. 3. Capability inventory: Local shell script execution and network access via curl. 4. Sanitization: The script uses grep and sed to isolate specific text fields like title and price.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves product information from well-known Amazon domains (e.g., www.amazon.com) to perform its core optimization tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:21 AM
Security Audit — agent-trust-hub — amazon-listing-optimization