amazon-ppc-campaign
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (
scripts/fetch-competitor.sh) to fetch and parse Amazon product listings for competitor analysis. It also uses an inline Python command to parse JSON data from Amazon's auto-complete API.- [EXTERNAL_DOWNLOADS]: The skill communicates with official Amazon domains to retrieve product metadata and keyword suggestions. These interactions are necessary for the skill's functionality and target a well-known service.- [REMOTE_CODE_EXECUTION]: While automated scanners may flag the piping ofcurloutput topython3, analysis shows the Python code is a static script provided within the skill for the purpose of JSON parsing. It does not execute dynamic code downloaded from the internet.- [DATA_EXFILTRATION]: No sensitive user data is accessed or transmitted to untrusted third parties. Network activity is limited to the retrieval of public marketplace data.
Audit Metadata