amazon-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing a local Python script (amazon_skill.py) via the Bash tool to perform web scraping and file management tasks.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from Amazon product listings and provides it to the agent.
      • Ingestion points: Product titles, feature bullets, and technical specifications are scraped from amazon.com in the search_amazon and get_product functions within amazon_skill.py.
      • Boundary markers: The scraped content is returned as structured JSON, but the skill lacks explicit instructions or delimiters to warn the agent against executing instructions that might be embedded within the product text.
      • Capability inventory: The skill uses the Bash tool to execute its logic and has the Read tool allowed, which could be abused if an injected instruction successfully compromises the agent's session.
      • Sanitization: The script performs basic text extraction and length limiting (e.g., truncating titles to 120 characters) but does not sanitize the content for malicious natural language instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 03:31 AM