linkfox-amazon-opportunity-report-by-keyword
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a Python script located at
scripts/amazon_opportunity_report.pyto handle the keyword analysis and data processing logic. - [EXTERNAL_DOWNLOADS]: The documentation refers to a secondary utility for onboarding that can be downloaded from
https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip. This resource is hosted on the vendor's own domain. - [DATA_EXFILTRATION]: The skill transmits authentication tokens (either
LINKFOX_AGENT_API_KEYorLINKFOXAGENT_API_KEY) to the vendor's API gateway attool-gateway.linkfox.com. This is the intended behavior for authenticating requests to the service. - [PROMPT_INJECTION]: The skill ingests and displays Markdown-formatted reports derived from external search data. This represents a potential surface for indirect prompt injection, where malicious instructions hidden in the data could influence agent behavior, though the implementation follows standard practices for data reporting.
Audit Metadata