amazon-alexa
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection within the Alexa interaction handler.\n
- Ingestion points: The
queryslot value extracted from theChatIntentin the Python Lambda handler (SKILL.md).\n - Boundary markers: Absent; user input is appended directly to the history list without protective delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill includes functions for Smart Home control (power and brightness), DynamoDB read/write access for user history, and Lambda execution.\n
- Sanitization: No sanitization or validation logic is present to filter or escape the user-provided query before it is sent to the Anthropic API.\n- [EXTERNAL_DOWNLOADS]: The skill setup involves installing command-line tools and software packages from trusted registries.\n
- Evidence: Use of
npm install -g ask-cliandpip install awsclifor environment setup.\n - Context: These tools and the associated SDKs (boto3, anthropic, ask-sdk) originate from trusted technology vendors (Amazon and Anthropic) and are considered standard for the domain.
Audit Metadata