amazon-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by retrieving untrusted text content from external websites (Amazon, YouTube, and general URLs) which is then processed by the AI agent.\n
- Ingestion points: Untrusted data enters the agent context through
assets/amazon_handler.js,assets/main_handler.js, andassets/youtube_handler.jsvia Playwright text extraction and API interception.\n - Boundary markers: The skill does not provide delimiters or specific instructions to the agent to distinguish between the scraped data and its own system instructions.\n
- Capability inventory: The skill is designed to run in a Docker container and uses the browser to extract information; it does not contain code for host-level file system modification or network exfiltration outside of the target URLs.\n
- Sanitization: Sanitization is minimal, limited to basic regex-based removal of XML tags in YouTube transcripts, leaving the agent exposed to potentially malicious instructions embedded in the retrieved web content.
Audit Metadata