linkfox-amazon-opportunity-report-by-keyword

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a Python script located at scripts/amazon_opportunity_report.py to handle the keyword analysis and data processing logic.
  • [EXTERNAL_DOWNLOADS]: The documentation refers to a secondary utility for onboarding that can be downloaded from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip. This resource is hosted on the vendor's own domain.
  • [DATA_EXFILTRATION]: The skill transmits authentication tokens (either LINKFOX_AGENT_API_KEY or LINKFOXAGENT_API_KEY) to the vendor's API gateway at tool-gateway.linkfox.com. This is the intended behavior for authenticating requests to the service.
  • [PROMPT_INJECTION]: The skill ingests and displays Markdown-formatted reports derived from external search data. This represents a potential surface for indirect prompt injection, where malicious instructions hidden in the data could influence agent behavior, though the implementation follows standard practices for data reporting.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM