supply-chain-optimization-amazon-lite
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to execute local Python scripts (scripts/calculator.py) for data processing and analysis. This is a primary function of the skill and involves passing data as arguments to the interpreter.
- [EXTERNAL_DOWNLOADS]: The scripts/report_html.py script generates an HTML report that references the Chart.js library from a well-known CDN (cdn.jsdelivr.net). This is a standard and safe practice for including common libraries.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection, where user-supplied supply chain data is incorporated into a JSON string that is then used as a shell command argument.
  - Ingestion points: User-provided business profiles and logistics data collected in SKILL.md Steps 2 and 3.
  - Boundary markers: The agent is instructed to wrap the data in a JSON object within single quotes for execution via python3.
  - Capability inventory: The agent can execute shell commands to run scripts (python3, scripts/calculator.py).
  - Sanitization: No specific sanitization or escaping instructions are provided to the agent to ensure that malicious user input does not break the shell command structure or execute arbitrary commands.
Audit Metadata