linkfox-amazon-ads-report

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The get_report.py script executes a local dependency check via subprocess.run to ensure the required authentication skill is present. The execution path is programmatically derived from the script's own location, preventing path traversal or unauthorized command injection.
  • [COMMAND_EXECUTION]: The skill implements a temporary HTTP server that binds exclusively to the local loopback address (127.0.0.1). This server is used to facilitate the download of processed report files by the user and is designed to self-terminate after a configurable timeout (defaulting to 300 seconds).
  • [EXTERNAL_DOWNLOADS]: The skill downloads advertising reports from Amazon's infrastructure using pre-signed URLs provided by the Amazon Ads API. These downloads are handled using standard library functions and are restricted to temporary directories.
  • [DATA_EXFILTRATION]: The skill transmits advertising request parameters and a user-provided API key to the vendor's managed gateway (tool-gateway.linkfox.com). This communication is the primary intended mechanism for the skill to interact with the Amazon Ads API and is directed to the verified infrastructure of the skill's author.
  • [PROMPT_INJECTION]: The skill contains extensive instructional safeguards to ensure the agent correctly handles multi-account scenarios and站点 (site) mapping. These instructions are directed at agent reliability and do not contain patterns intended to bypass safety filters or override system constraints.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:27 AM