amazon-buy-box-monitor-api-skill
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script (
scripts/amazon_buy_box_monitor_api.py) to perform its primary function. The execution is limited to this local script and uses standard parameters. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.browseract.com. This domain is the official API endpoint for the skill's author, 'browser-act', representing expected vendor functionality. - [CREDENTIALS_UNSAFE]: The skill handles an API key (
BROWSERACT_API_KEY) via environment variables and instructs the user on how to securely provide it. No hardcoded secrets were found. - [DATA_EXFILTRATION]: No unauthorized data transmission was detected. The script only sends the product identifier (ASIN) and marketplace URL provided by the user to the vendor's API.
- [PROMPT_INJECTION]: There is a minor surface for indirect prompt injection, as the skill retrieves and displays product titles and seller names from Amazon. This is an inherent risk for any web-scraping tool, and the skill handles the data as structured output.
Audit Metadata