amazon-research

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Amazon product pages and customer reviews, creating an indirect prompt injection attack surface.\n
  • Ingestion points: External Amazon data is ingested and processed in scripts/normalize_amazon_dataset.mjs and scripts/analyze_amazon_dataset.mjs.\n
  • Boundary markers: The instructions do not define boundary markers or instruct the agent to disregard instructions potentially embedded within the datasets.\n
  • Capability inventory: The skill possesses command execution capabilities through scripts like _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs and _postplus_shared/00-core/shared-runtime/scripts/lib/postplus_workspace_runtime.mjs.\n
  • Sanitization: While the scripts normalize data into a structured schema, they do not specifically sanitize for prompt injection before the data is summarized for the agent.\n- [COMMAND_EXECUTION]: The skill's shared runtime environment executes external CLI tools to perform media processing and project maintenance.\n
  • Evidence: _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs executes python3 -m yt_dlp to download video assets.\n
  • Evidence: _postplus_shared/00-core/shared-runtime/scripts/lib/postplus_workspace_runtime.mjs uses execFileSync to run ffmpeg for video generation and local utility scripts for project ingestion.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 07:44 AM
Security Audit — agent-trust-hub — amazon-research