Back to skill

Security audit

Amazon

Security checks across malware telemetry and agentic risk

Overview

The skill is meant for Amazon shopping, but it gives an agent too much control over credentials, purchases, and returns without enough user confirmation.

Review before installing. Use only after changing the workflow so the user logs in manually and explicitly approves every order or return submission, including item, price or refund, address, payment or refund method, return reason, condition answers, and drop-off details. Use a dedicated browser profile and log out or clear it when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The instruction to retrieve the Amazon password from a password manager expands the skill from browser-based purchasing into credential-access behavior. That creates unnecessary exposure of sensitive credentials and could normalize secret retrieval for a task that should instead require the user to authenticate directly in their own browser session.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly directs the agent to place reorder purchases without user confirmation, which enables autonomous spending on behalf of the user. In a purchasing context, this is especially dangerous because a mistaken item match, stale default address/payment method, or malicious prompting could result in unauthorized financial transactions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Processing returns silently until completion removes transparency around actions that affect the user's account, refund method, and return conditions. Although returns are generally lower impact than purchases, this still allows consequential account changes and factual representations to Amazon without contemporaneous user review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.