pp-amazon-orders

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the amazon-orders-pp-cli and amazon-orders-pp-mcp tools using go install from github.com/mvanhorn/printing-press-library and npx from @mvanhorn/printing-press. These resources are provided by the skill's author to enable its core functionality.
  • [DATA_EXFILTRATION]: The CLI tool features a --deliver webhook:<url> flag, which allows the output of commands (such as order history or spending reports) to be sent to an external URL. This is a documented capability for data routing and is controlled by the user or agent via command-line arguments.
  • [PROMPT_INJECTION]: The skill parses untrusted data from Amazon order pages, which presents a surface for indirect prompt injection.
      • Ingestion points: Data is ingested from Amazon order detail pages and listings via the sync and orders list commands.
      • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided in the current prompt guidance.
      • Capability inventory: The skill has access to shell execution via Read Bash, as well as the ability to write to files and send network requests via the tool's delivery sinks.
      • Sanitization: The documentation does not specify sanitization or validation of the scraped HTML content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill includes instructions for secure environment setup that use shred and rm to clean up temporary authentication files, which is a defensive security practice.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 12:50 AM