Amazon产品研究员

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised Amazon product research workflow, with privacy and report-viewing risks users should understand before using real data.

Use mock mode for demos or confidential research. For real runs, only provide API keys if you are comfortable sending queries, product/review text, and generated analysis to the selected providers, and treat generated HTML reports as local files that may load remote scripts/images when opened.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (14)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The generated HTML loads Chart.js from a third-party CDN, so opening a local report triggers a network request to an external domain and executes remotely hosted JavaScript in the browser. This creates a supply-chain and privacy risk: CDN compromise, content changes, or blocked/offline environments can affect report integrity and may disclose that the report was opened.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger set includes very broad phrases such as '产品研究', '竞品分析', and 'market research', which can overlap with ordinary user requests and cause the skill to activate unexpectedly. Because this skill performs networked data collection and report generation, overbroad triggering increases the chance of unintended external transmission and unintended tool use.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The description explains API keys and endpoints but does not clearly warn that user queries, product/review text, and derived analysis may be transmitted to third-party LLM and Amazon-related APIs. This is dangerous because users may unknowingly send potentially sensitive research terms or collected data to external processors.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The code sends review title/body content to an external LLM service via requests.post without any consent gate, disclosure, redaction, or data-classification check at the call site. Even though reviews may seem low-sensitivity, they can contain personal data, contact details, or other unexpected sensitive text, creating a privacy and compliance risk when exported to a third-party API.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The module sends product summaries and review-derived data to an external LLM endpoint via HTTPS without any visible consent flow, warning, or data-minimization guard. In a product-research skill, review text and derived pain/selling points may contain sensitive business data or user content, so silent transmission creates a privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The code writes a full HTML report containing product, review, sentiment, VOC, and opportunity-analysis data to disk without any explicit notice, consent flow, or data-retention control. In a research workflow that may process proprietary queries or sensitive review corpora, silent persistence increases the chance of unintended local exposure through shared machines, backups, or later exfiltration by other software.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Because the report imports Chart.js from jsDelivr, opening the generated file causes the browser to contact a third-party endpoint without any user-facing warning. This can leak metadata such as access timing, IP address, and the fact that a report was opened, which is especially relevant for market-research outputs that may reflect confidential business activity.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The module sends product titles and review-derived summaries to an external LLM API without any built-in disclosure, consent check, or data-minimization control. Even if the data is not obviously secret, review text and derived insights may contain sensitive business research inputs or accidental personal data, creating a real data-exposure risk when transmitted to a third party.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The module sends product titles, ASINs, VOC summaries, and market-gap data to an external LLM API, but this code provides no disclosure, consent mechanism, data-minimization control, or redaction before transmission. In a product-research skill, upstream data may include scraped or review-derived content and potentially sensitive business research inputs, so silent third-party transmission creates a real privacy and governance risk.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The function sends the raw user search query to a third-party RapidAPI endpoint whenever an API key is configured, with no explicit consent flow, warning, or data-minimization step. In a product-research skill, user queries may contain sensitive business intent, unreleased product ideas, or proprietary market research terms, so silent transmission to an external service creates a real privacy and confidentiality risk.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: When an API key is provided, individual review text is sent to an external LLM for tagging, but this file does not present an explicit warning or consent step about third-party transmission of review content. In a product-research skill, review data may still contain personal or sensitive free-form text, so silent export to external AI services creates a real privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The code sends aggregated product data, tagged reviews, VOC results, and competitor/opportunity analysis inputs to external LLM services for multiple downstream stages without clear disclosure at runtime. This broadens the data exposure surface beyond single reviews and may violate user expectations, internal policy, or third-party data handling requirements.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The code sends product metadata and review excerpts to an external LLM API, which is a real data-exposure risk because review text may contain personal data, sensitive business intelligence, or copyrighted content. There is no consent gate, minimization, redaction, or clear disclosure at the transmission point, so users may unknowingly exfiltrate third-party content to a remote service.

Ssd 4

Medium

Confidence: 90% confidence
Finding: Untrusted review text is interpolated directly into the prompt, so a malicious review can include prompt-injection content that attempts to override instructions, alter output structure, or manipulate downstream analysis. Because this skill processes arbitrary marketplace reviews at scale, the attack surface is larger and malformed or adversarial outputs could poison sentiment tagging and later analytical stages.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal