ASIN Data API

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ASIN Data API connector that can read and modify account data, with explicit confirmation requirements for write and delete actions.

Install this only if you use ASIN Data API through OOMOL and are comfortable connecting that account. Review payloads before approving update or delete actions, since they can change or remove data in the ASIN Data API account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description says to use this skill for ANY ASIN Data API request and instead of calling the API directly, which creates overly broad routing guidance. That can cause an agent to select this skill in situations where narrower, safer, or more appropriate handling should be used, increasing the chance of unintended API operations or unnecessary exposure to destructive actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal