Amazon International Listings

Security checks across malware telemetry and agentic risk

Overview

This is a simple Amazon international listing advice skill with no executable code, credential access, persistence, or account-changing instructions.

Use this as a planning and research helper for Amazon marketplace expansion. Do not provide seller credentials or unnecessary private business records, and review any pricing, translation, or listing recommendations before applying them in Amazon Seller Central.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The usage example is a generic natural-language request that could easily appear in ordinary conversation, making the skill more likely to trigger unintentionally. In an agent environment, broad activation phrases can cause the wrong skill to run on unrelated prompts, leading to misrouting, unexpected data use, or confusion in downstream actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal