linkfox-amazon-alexa-search
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to
tool-gateway.linkfox.comandskill-api.linkfox.comto interact with the Alexa shopping assistant and provide feedback. These are vendor-controlled endpoints associated with the author. The instructions also reference a download fromagent-files.linkfox.comfor onboarding purposes, which is a verified vendor domain. - [COMMAND_EXECUTION]: The skill uses a Python script (
scripts/amazon_alexa_search.py) to facilitate API communication, manage local caching in a.cachedirectory within the workspace, and log response data to local files for session tracking. This is standard tool implementation. - [DATA_EXFILTRATION]: User queries and Amazon URLs are transmitted to the vendor's API gateway. This data transfer is required for the tool's primary purpose of providing AI-driven shopping recommendations and does not target sensitive user files or credentials.
- [SAFE]: No malicious behaviors such as prompt injection, unauthorized privilege escalation, or persistence mechanisms were found. Authentication is handled using standard environment variables, and all external communications are directed to the vendor's infrastructure.
Audit Metadata