amazon-research

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script download_videos_from_manifest_with_ytdlp.mjs executes the yt-dlp tool via python3 subprocesses to download product-related media content. This is a functional requirement for the skill's media processing capabilities.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations using author-provided shared libraries to communicate with Amazon and vendor API endpoints (e.g., api.postplus.com) for data collection and session management.
  • [CREDENTIALS_UNSAFE]: The shared configuration library postplus_cli_config.mjs manages session tokens and CLI settings by reading and writing to local configuration files in the user's application data directory.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Amazon reviews and product descriptions, creating an indirect prompt injection surface. This ingestion is a core part of its intended research function and is managed within the author's data analysis framework.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 06:37 AM