amazon-buy-box-monitor-api-skill

Warn

Audited by Snyk on Mar 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow (scripts/amazon_buy_box_monitor_api.py and SKILL.md) starts BrowserAct tasks via https://api.browseract.com to scrape Amazon pages using a provided ASIN/marketplace_url and then returns/parses that third-party product/seller content (including user-generated seller feedback), which the agent is expected to read and use to drive monitoring/decision actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the BrowserAct API at https://api.browseract.com/v2/workflow (using workflow_template_id "87215742629531801"), which triggers execution of a remote workflow/template on the provider's side and is required for the skill to function, so the external URL effectively executes remote code controlling the task results.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 03:42 PM
Issues: 2