Amazon FBA Operations

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Amazon FBA operations skill; its business-data requests are relevant to that purpose but should be shared sparingly.

Install only if you want an agent to help with Amazon seller operations. Share the minimum business data needed, use supplier nicknames or internal IDs instead of full contact records when possible, avoid confidential contract or banking details, and manually review any purchase orders, financial calculations, competitor analysis, or seller response drafts before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill description is very broad and lacks clear invocation boundaries, which can cause an agent to over-apply the skill to loosely related business tasks. In practice, this increases the chance of unintended use on inappropriate prompts or unnecessary collection and processing of seller business data beyond the user's intent.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The setup section asks for supplier contacts and other operational details without any warning, minimization guidance, or handling restrictions for sensitive business information. That can lead users to disclose vendor identities, emails, phone numbers, MOQs, and sourcing relationships that are commercially sensitive and could be exposed, retained, or reused improperly by downstream systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal