linkfox-ai-mode-google-search

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md recommend downloading an onboarding skill from the vendor's infrastructure at https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip if the API key is not configured. This is a mechanism for distributing additional tooling provided by the vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves AI-generated summaries from Google search results which are then ingested into the agent's context.
  • Ingestion points: Untrusted data from the web enters the agent's context through the stdout response field fetched by scripts/google_ai_search.py.
  • Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore instructions embedded in the search results.
  • Capability inventory: The agent is instructed to summarize the output directly and use it to form follow-up queries, providing a path for malicious instructions in search results to influence future tool calls.
  • Sanitization: No validation or filtering is performed on the incoming Markdown content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM