linkfox-amazon-ads-report
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The
get_report.pyscript executes a local dependency check viasubprocess.runto ensure the required authentication skill is present. The execution path is programmatically derived from the script's own location, preventing path traversal or unauthorized command injection. - [COMMAND_EXECUTION]: The skill implements a temporary HTTP server that binds exclusively to the local loopback address (
127.0.0.1). This server is used to facilitate the download of processed report files by the user and is designed to self-terminate after a configurable timeout (defaulting to 300 seconds). - [EXTERNAL_DOWNLOADS]: The skill downloads advertising reports from Amazon's infrastructure using pre-signed URLs provided by the Amazon Ads API. These downloads are handled using standard library functions and are restricted to temporary directories.
- [DATA_EXFILTRATION]: The skill transmits advertising request parameters and a user-provided API key to the vendor's managed gateway (
tool-gateway.linkfox.com). This communication is the primary intended mechanism for the skill to interact with the Amazon Ads API and is directed to the verified infrastructure of the skill's author. - [PROMPT_INJECTION]: The skill contains extensive instructional safeguards to ensure the agent correctly handles multi-account scenarios and站点 (site) mapping. These instructions are directed at agent reliability and do not contain patterns intended to bypass safety filters or override system constraints.
Audit Metadata