linkfox-amazon-alexa-for-shopping

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to tool-gateway.linkfox.com to communicate with the Amazon Alexa API. This is the official gateway for the developer 'linkfox-ai' and is used for its intended primary purpose.
  • [COMMAND_EXECUTION]: The helper script scripts/response_io.py uses subprocess.run() to execute other skill scripts (e.g., scripts/amazon_alexa_search.py). This is a standard architectural pattern in this skill set for managing large responses and does not involve arbitrary or untrusted command injection.
  • [CREDENTIALS_UNSAFE]: The skill correctly retrieves its API key from the environment variable LINKFOXAGENT_API_KEY rather than hardcoding secrets, which is a recommended security practice.
  • [DATA_EXFILTRATION]: While the skill handles user prompts and Amazon URLs, data is only transmitted to the developer's documented API endpoint. No sensitive system files or local credentials are accessed or transmitted.
  • [PROMPT_INJECTION]: The skill contains instructional content for the agent on how to summarize and concatenate context. There are no patterns suggesting attempts to bypass AI safety filters or override system instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:19 AM