asin-data-api
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm. This is a verified tool provided by the vendor for platform interaction. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage authentication and execute API actions. These operations are essential for the skill's primary functionality. - [PROMPT_INJECTION]: The skill processes untrusted data from Amazon product listings, which could contain hidden instructions (indirect prompt injection).
- Ingestion points: Product titles, descriptions, and reviews retrieved via the ASIN Data API (SKILL.md).
- Boundary markers: The documentation does not specify the use of delimiters or markers to isolate external data.
- Capability inventory: The skill can execute actions and proxy requests using the CLI (SKILL.md).
- Sanitization: No data sanitization or validation steps are described in the integration instructions.
Audit Metadata