amazon-research
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Amazon product pages and customer reviews, creating an indirect prompt injection attack surface.\n
- Ingestion points: External Amazon data is ingested and processed in
scripts/normalize_amazon_dataset.mjsandscripts/analyze_amazon_dataset.mjs.\n - Boundary markers: The instructions do not define boundary markers or instruct the agent to disregard instructions potentially embedded within the datasets.\n
- Capability inventory: The skill possesses command execution capabilities through scripts like
_postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjsand_postplus_shared/00-core/shared-runtime/scripts/lib/postplus_workspace_runtime.mjs.\n - Sanitization: While the scripts normalize data into a structured schema, they do not specifically sanitize for prompt injection before the data is summarized for the agent.\n- [COMMAND_EXECUTION]: The skill's shared runtime environment executes external CLI tools to perform media processing and project maintenance.\n
- Evidence:
_postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjsexecutespython3 -m yt_dlpto download video assets.\n - Evidence:
_postplus_shared/00-core/shared-runtime/scripts/lib/postplus_workspace_runtime.mjsusesexecFileSyncto runffmpegfor video generation and local utility scripts for project ingestion.
Audit Metadata