Skills
skills/zhuhongyin/global-ecom-skills/amazon-movers-shakers/Gen Agent Trust Hub

amazon-movers-shakers

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the well-known libraries requests and beautifulsoup4 from the official Python Package Index (PyPI) to support its scraping functionality.
  • [COMMAND_EXECUTION]: The script scripts/scrape_amazon.py contains a utility function to install missing dependencies via pip if the user provides the --install-deps flag. This is a standard management pattern for standalone scripts.
  • [DATA_EXFILTRATION]: The skill performs network requests to Amazon domains and the SellerSprite API (api.sellersprite.com) to fetch product rankings. These network operations are aligned with the skill's purpose and do not target sensitive local data.
  • [PROMPT_INJECTION]: The skill ingest untrusted product descriptions and titles from Amazon, which represents a surface for indirect prompt injection.
  • Ingestion points: Amazon product ranking and detail pages fetched in scripts/scrape_amazon.py.
  • Boundary markers: None present in the data output.
  • Capability inventory: Subprocess-based package installation in scripts/scrape_amazon.py.
  • Sanitization: No sanitization is performed on the ingested product metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 05:13 AM