amazon-reviews-api-skill
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to 'api.browseract.com' to initiate and monitor data extraction tasks. This is consistent with the skill's stated purpose and targets the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local Python script ('scripts/amazon_reviews_api.py') using standard arguments. No arbitrary or high-privilege command execution was detected.
- [DATA_EXFILTRATION]: No evidence of unauthorized data movement. The script handles an API key provided by the user via environment variables and only transmits the target Amazon ASIN to the service provider.
- [CREDENTIALS_UNSAFE]: The skill correctly instructs the agent to use an environment variable ('BROWSERACT_API_KEY') and explicitly warns against taking other measures if the key is missing, directing the user to the official console instead.
- [PROMPT_INJECTION]: The instructions are clear and focus on operational logic (retries, monitoring, error handling) without attempting to bypass safety filters or override system instructions.
Audit Metadata