Product Research

The skill is classified as suspicious due to a potential prompt injection vulnerability identified in SKILL.md. The instructions for the AI agent to include 'user-provided affiliate URL' for Helium 10 and Jungle Scout (`[HELIUM10_LINK_OR_COUPON]`, `[JUNGLESCOUT_LINK_OR_COUPON]`) could be exploited by a malicious user to inject harmful links into the agent's output. While the skill itself does not generate or execute malicious content, it provides a mechanism for a user to reflect arbitrary URLs, which is a vulnerability. Other aspects, such as API key handling and dependency installation via `npx`, are standard for the platform and do not indicate malicious intent from the skill itself.