amazon-listing-optimization
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a local bash script at scripts/fetch-listing.sh that uses curl, grep, and sed to parse product data from Amazon.
- [PROMPT_INJECTION]: The skill processes untrusted content from external Amazon listings, which introduces a surface for indirect prompt injection. 1. Ingestion points: scripts/fetch-listing.sh fetches HTML content from Amazon URLs. 2. Boundary markers: Absent. 3. Capability inventory: Local shell script execution and network access via curl. 4. Sanitization: The script uses grep and sed to isolate specific text fields like title and price.
- [EXTERNAL_DOWNLOADS]: The skill retrieves product information from well-known Amazon domains (e.g., www.amazon.com) to perform its core optimization tasks.
Audit Metadata