amazon-research
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill relies on authenticated vendor scripts (@reduck/amazon.com/*) for all interactions with Amazon, ensuring a trust-based interaction within the provider's ecosystem.
- [SAFE]: Documents the use of a local bridge (reduck local --cookies) to handle authenticated data retrieval for product reviews, following established platform security practices.
- [SAFE]: Implements regex validation for input URLs in the category list function to ensure only expected Amazon search pages are processed.
- [PROMPT_INJECTION]: The skill processes untrusted customer reviews and product listings from Amazon, presenting an indirect prompt injection surface. This is evaluated as safe given the skill's constrained read-only scope.
  - Ingestion points: Aggregated product listings and star ratings fetched via search-products, get-product, and get-product-reviews.
  - Boundary markers: Absent; the system prompt does not specify delimiters for external content.
  - Capability inventory: Interaction is strictly limited to execution of vendor-specific tools via run_script for data retrieval; no system-level or destructive capabilities are present.
  - Sanitization: No content filtering or validation of the retrieved text is described.
Audit Metadata