pp-amazon-seller
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install command-line tools from the author's official GitHub repository (
github.com/mvanhorn/printing-press-library) and npm registry (@mvanhorn/printing-press). These are vendor-owned resources used for the skill's primary functionality. - [DATA_EXFILTRATION]: The
amazon-seller-pp-clitool features an output delivery mechanism (--deliver webhook:<url>) that can POST command results directly to an external URL. This capability allows for the transmission of sensitive business data, such as order details, sales reports, and inventory summaries, to arbitrary remote endpoints. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests and processes untrusted data from the Amazon Seller API.
- Ingestion points: Untrusted data is retrieved from Amazon via catalog searches, order records, listing details, and report documents (SKILL.md).
- Boundary markers: The instructions do not define clear boundaries or delimiters to isolate untrusted external content from the agent's control logic.
- Capability inventory: The agent has the capability to execute shell commands (the CLI binary) and exfiltrate data via the built-in webhook delivery sink or local file writes.
- Sanitization: There is no evidence of sanitization or filtering of the API-provided content before it is processed by the agent.
Audit Metadata