amazon-product-search-api-skill
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `scripts/amazon_product_search_api.py` communicates with `api.browseract.com` to trigger and fetch results from the Amazon search template. This is the vendor's official API and is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by retrieving data from external Amazon listings. Content such as product titles or descriptions could contain instructions meant to deceive the agent. The script provides raw output without specific sanitization or delimiters.
- Ingestion points: The API response from `api.browseract.com` contains data parsed from Amazon search results.
- Boundary markers: No explicit delimiters or 'ignore' instructions are added to the script output.
- Capability inventory: The agent can execute a local Python script which performs network requests and prints to the console.
- Sanitization: The script does not perform filtering or validation on the text content returned by the API before printing.