amazon-store-research
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes Playwright to navigate to user-provided Amazon Store URLs and subsequently crawls discovered collection and category pages. This is a primary function of the skill for data gathering and involves only public e-commerce data.
- [COMMAND_EXECUTION]: The workflow involves executing specific JavaScript functions within the Playwright browser environment to parse DOM elements and extract structured product data such as ASINs, pricing, and review metrics. It also dynamically manages sub-agents to process the collected data in parallel.
- [PROMPT_INJECTION]: The skill processes untrusted external data from Amazon storefronts, which presents a surface for indirect prompt injection.
- Ingestion points: Product titles, descriptions, and "About Us" sections are scraped from Amazon pages in SKILL.md (Step 1.3 through 1.5).
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded in the scraped content.
- Capability inventory: The skill uses Playwright tools for browser interaction and the subagent_type: "general-purpose" to launch analysis tasks.
- Sanitization: No explicit sanitization or filtering of the scraped text is performed before passing it to the sub-agents for analysis.
- [SAFE]: The skill follows security best practices by organizing all generated data and reports within a specific local directory structure (
reports/{store-slug}/). No evidence of credential theft, obfuscation, or persistence mechanisms was found.
Audit Metadata