Amazon Seller
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points: External data enters the agent context via the messaging_automation workflow (e.g., buyer_name and tracking) in SKILL.md. 2. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the templates. 3. Capability inventory: The skill possesses capabilities to update listings, create shipment plans, reorder from suppliers, and send messages to customers. 4. Sanitization: No evidence of sanitization or validation of the interpolated data is present in the markdown.
- [COMMAND_EXECUTION]: Python code snippets in SKILL.md provide examples of legitimate interactions with the Amazon Seller Partner API (SP-API) for tasks such as listing orders and updating inventory levels. These are documented neutrally as intended functionality for seller management.
Audit Metadata