Amazon Seller
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection where malicious instructions could be embedded in data retrieved from external sources.
  - Ingestion points: Untrusted data enters the agent context through Amazon Order information (e.g., `buyer_name` in messaging templates) and external product listings/competitor data used for pricing and optimization logic.
  - Boundary markers: The YAML templates for messaging and listing optimization (e.g., `listing_template`, `messaging_automation`) do not currently specify boundary markers or instructions to ignore embedded commands within variable interpolations like `{{buyer_name}}` or `{{product_name}}`.
  - Capability inventory: The skill possesses significant write capabilities via the `amazon_sp_api` and `amazon_ads_api` tools, including the ability to send messages to buyers, update product listings, adjust pricing, and create shipment plans.
  - Sanitization: There is no explicit mention of input validation or sanitization for external content before it is interpolated into prompts or used as input for API calls.
Audit Metadata