pp-amazon-ads

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user/agent to download the 'amazon-ads-pp-cli' binary from external sources, specifically from GitHub (github.com/mvanhorn/printing-press-library) and via NPM (@mvanhorn/printing-press-library).
  • [REMOTE_CODE_EXECUTION]: The installation process involves executing remote code using 'npx -y' and 'go install', which fetches and runs scripts or compiles binaries from the vendor's repositories.
  • [DATA_EXFILTRATION]: The CLI tool supports a '--deliver webhook:' parameter. This capability allows the agent to send command outputs—which may contain sensitive advertising and financial data—to arbitrary external URLs. This presents a risk of data exfiltration if the URL is controlled by an attacker.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data from CSV and TSV reports (e.g., 'product-performance.csv', 'search-terms.csv').
  • Ingestion points: Data enters the agent context through various report files and local SQLite databases (e.g., 'store.db').
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the processed data are provided.
  • Capability inventory: The skill possesses network capabilities (via the Amazon Ads API and webhooks) and file system access (reading reports, writing to files via '--deliver file:').
  • Sanitization: There is no evidence of sanitization or validation of the content within the ingested reports before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 01:30 PM
Security Audit — agent-trust-hub — pp-amazon-ads