They did give examples - Section 4.2 of the linked PDF.
You also implied that, because they were useless skills that wouldn't be installed by actual users, that there was no problem. Policy breaking Skills should be picked up before they reach users.
The following was a problem (from the article):
"inconsistencies where rejected content gets accepted after resubmission, vetting tools that can't recognize cloned code submitted by multiple developer accounts, excessive trust in developers, and negligence in spotting data harvesting even when the violations are made obvious.
Amazon also does not require developers to re-certify their Skills if the backend code – run on developers' servers – changes. It's thus possible for Skills to turn malicious if the developer alters the backend code"
The authors of the study have identified failings in Amazon's auditing that put its users at risk. Amazon can address these failings... or choose to ignore it and carry on. I see you're in the ignore it camp.
Apologies if my comment comes across as blunt - yours came across as deliberate misinformation!
I take it you own a smart speaker. I'd be interested to know what you use it for - I want one but can't work out what, in practice, if end up using it for.