The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/research.sh is vulnerable to command injection. It takes the user-supplied keyword and interpolates it directly into a Python command string (python3 -c "...quote('$KEYWORD')...") using single quotes. If a keyword contains a single quote (e.g., "'); import os; os.system('ls'); print('"), it can break out of the intended string literal and execute arbitrary Python or shell commands. This represents a significant security risk as the agent executes this script locally.
[EXTERNAL_DOWNLOADS]: The scripts/research.sh file uses curl to fetch data from various Amazon autocomplete API endpoints (e.g., completion.amazon.com). While these are well-known domains and the activity is consistent with the skill's purpose, the script's underlying command injection vulnerability increases the risk that these network operations could be redirected or exploited for data exfiltration.
[REMOTE_CODE_EXECUTION]: While the skill does not explicitly download and execute remote scripts (e.g., curl | bash), the combination of external data ingestion from Amazon's API and the command injection vulnerability in the processing script creates a pathway for code execution if an attacker can influence the data returned by the API or the keyword provided to the agent.

amazon-keyword-research