linkfox-amazon-alexa-for-shopping
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to
tool-gateway.linkfox.comto communicate with the Amazon Alexa API. This is the official gateway for the developer 'linkfox-ai' and is used for its intended primary purpose. - [COMMAND_EXECUTION]: The helper script
scripts/response_io.pyusessubprocess.run()to execute other skill scripts (e.g.,scripts/amazon_alexa_search.py). This is a standard architectural pattern in this skill set for managing large responses and does not involve arbitrary or untrusted command injection. - [CREDENTIALS_UNSAFE]: The skill correctly retrieves its API key from the environment variable
LINKFOXAGENT_API_KEYrather than hardcoding secrets, which is a recommended security practice. - [DATA_EXFILTRATION]: While the skill handles user prompts and Amazon URLs, data is only transmitted to the developer's documented API endpoint. No sensitive system files or local credentials are accessed or transmitted.
- [PROMPT_INJECTION]: The skill contains instructional content for the agent on how to summarize and concatenate context. There are no patterns suggesting attempts to bypass AI safety filters or override system instructions.
Audit Metadata