amazon-listing-optimization
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests untrusted product data from Amazon marketplaces that is then processed by the agent.
  - Ingestion points: The `scripts/fetch-listing.sh` script fetches title, bullet points, and descriptions from external Amazon product pages.
  - Boundary markers: Absent. The instructions do not use delimiters or specify that the fetched data should be treated as non-executable content.
  - Capability inventory: The skill utilizes a local script for data fetching and can perform web searches.
  - Sanitization: Absent. External listing data is passed to the agent without filtering or escaping.
- [COMMAND_EXECUTION]: The skill executes a bundled shell script `scripts/fetch-listing.sh` to extract product details from Amazon. The script uses variable quoting to mitigate standard shell injection and is a core component of the listing optimization workflow.
- [EXTERNAL_DOWNLOADS]: Fetches product information from well-known Amazon marketplace domains (e.g., amazon.com, amazon.de) using `curl`. These network operations are limited to retrieving public retail data for optimization purposes.
Audit Metadata