Skills
skills/membranedev/application-skills/amazon-advertising/Gen Agent Trust Hub

amazon-advertising

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various membrane CLI commands for authentication, connection management, and running advertising actions.
  • [PROMPT_INJECTION]: The skill acts as an interface for Amazon Advertising data, which can include attacker-controlled content in campaign names or descriptions, leading to potential indirect prompt injection.
  • Ingestion points: Untrusted data enters the context via the output of membrane action list and membrane action run.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation.
  • Capability inventory: The skill possesses the ability to create, update, and delete advertising resources via shell command execution.
  • Sanitization: There is no evidence of sanitization or filtering of the data retrieved from external APIs before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 01:00 PM