amazon-ppc-campaign
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled bash script (scripts/fetch-competitor.sh) to fetch and parse Amazon product listings and uses a python3 one-liner for data processing.
- [EXTERNAL_DOWNLOADS]: Fetches product details and keyword suggestions from official Amazon domains (amazon.com and completion.amazon.com) to support campaign-building logic.
- [REMOTE_CODE_EXECUTION]: The skill uses a pattern where the output of a network request to an Amazon API is piped directly to a local Python interpreter. Although flagged by automated scanners, the Python code is a static string provided in the skill instructions, used solely to parse JSON values into a plain-text list.
- [PROMPT_INJECTION]: The skill ingests untrusted content from scraped Amazon listing titles and bullet points, as well as user-provided search term reports (CSV). This represents a surface for indirect prompt injection where malicious instructions hidden in product metadata could attempt to influence the agent's campaign recommendations.
- Ingestion points: Scraped data from scripts/fetch-competitor.sh and user-provided CSV data in SKILL.md workflows.
- Boundary markers: None detected in the instructions for handling scraped data.
- Capability inventory: Uses curl and python3 for data retrieval and processing; no file-write or persistence capabilities detected.
- Sanitization: No explicit sanitization or validation of the scraped HTML or CSV content before it is processed by the agent logic.
Audit Metadata