amazon-ppc-campaign

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local bash script (scripts/fetch-competitor.sh) to fetch and parse Amazon product listings for competitor analysis. It also uses an inline Python command to parse JSON data from Amazon's auto-complete API.- [EXTERNAL_DOWNLOADS]: The skill communicates with official Amazon domains to retrieve product metadata and keyword suggestions. These interactions are necessary for the skill's functionality and target a well-known service.- [REMOTE_CODE_EXECUTION]: While automated scanners may flag the piping of curl output to python3, analysis shows the Python code is a static script provided within the skill for the purpose of JSON parsing. It does not execute dynamic code downloaded from the internet.- [DATA_EXFILTRATION]: No sensitive user data is accessed or transmitted to untrusted third parties. Network activity is limited to the retrieval of public marketplace data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:21 AM
Security Audit — agent-trust-hub — amazon-ppc-campaign