amazon-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and default workflow explicitly instructs the agent to "collect" Amazon platform data (e.g., "URL input when URLs are known", "ASIN input for review work" and "collect reviews and negative reviews"), and the implementation uses a hosted collection bridge and network request code (hosted_collection_bridge.mjs / network_runtime.mjs) to fetch public Amazon pages and user-generated reviews that the agent then normalizes, analyzes, and uses to drive follow-up actions, so untrusted third-party content can materially influence its behavior.