amazon-one-shot
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill programmatically navigates to the Amazon domain (amazon.com) to retrieve product details, search results, and competitor information. This behavior is consistent with its stated purpose of product research.
- [COMMAND_EXECUTION]: The skill utilizes the
browser_evaluate()tool to execute JavaScript snippets within the browser context to extract structured data from the Amazon DOM. This is a standard mechanism for web scraping skills. - [PROMPT_INJECTION]: The skill ingests untrusted external content including product titles, bullet points, and customer reviews. This presents an indirect prompt injection attack surface where malicious instructions could be embedded in Amazon listings.
- Ingestion points: SKILL.md (Steps 1 through 4 detail the extraction of titles, descriptions, and review bodies).
- Boundary markers: Absent; the extracted content is processed and written to reports without specific delimiters or isolation instructions.
- Capability inventory: The skill possesses browser navigation capabilities, JavaScript evaluation, and the ability to write files to the local
reports/directory. - Sanitization: No explicit sanitization or filtering of the ingested external content was identified.
Audit Metadata