Skills
skills/serendipityoneinc/amazon-analysis-skill/apiclaw/Gen Agent Trust Hub

apiclaw

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external API endpoints at api.apiclaw.io to fetch commerce data. It also references documentation and resources on the vendor's official website and GitHub repository.
  • [COMMAND_EXECUTION]: The documentation includes instructions to install an additional skill using the command clawhub install Amazon-analysis-skill, which invokes a vendor-specific CLI tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the processing of untrusted content (such as product reviews and listing titles) retrieved from external API responses.
  • Ingestion points: Data is ingested from the apiclaw.io API endpoints described in SKILL.md and references/openapi-reference.md.
  • Boundary markers: The instructions do not define clear delimiters or markers to help the agent distinguish between its own instructions and the data retrieved from the API.
  • Capability inventory: The skill facilitates network operations to retrieve external market and product data.
  • Sanitization: There is no mention of sanitization, filtering, or validation of the data retrieved from the external API before it is presented to or processed by the AI agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 02:36 AM