Amazon Product Research

Security checks across malware telemetry and agentic risk

Overview

This is a plain markdown guidance skill for Amazon product research, with no executable code, credentials, persistence, or hidden system access.

Install only if you want Amazon-focused product research guidance. Treat its market, cost, supplier, and profit estimates as preliminary public-data research, and independently verify current Amazon fees, supplier quotes, compliance requirements, and sales data before buying inventory or spending money.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest description is broad enough to trigger on generic product-research or product-viability requests, not just Amazon seller workflows. That can cause the skill to be invoked outside its intended scope and return Amazon-selling guidance when the user wanted general market research, increasing the risk of misrouting, irrelevant advice, and user confusion.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill presents detailed market, pricing, supplier, and profitability analysis workflows without an upfront warning that the data is approximate, public-source-based, and may be stale or incomplete. In this business decision context, users may over-trust speculative estimates and make sourcing or investment decisions on outdated or unverifiable information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal