linkfox-amazon-opportunity-report
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to fetch and display market analysis reports, which it performs securely.
- [CREDENTIALS_UNSAFE]: The skill uses a secure approach for authentication. It instructs users to set their API key as an environment variable (`LINKFOXAGENT_API_KEY`) rather than hardcoding credentials in the script or instructions.
- [DATA_EXFILTRATION]: Data transmission is limited to sending the requested keyword and marketplace code to the official vendor API at `tool-gateway.linkfox.com`. This is the intended behavior and occurs over an encrypted connection.
- [COMMAND_EXECUTION]: The provided Python script uses standard, built-in libraries (`urllib.request`, `json`) to perform its tasks. It does not utilize any dangerous functions like `eval()`, `exec()`, or `os.system()`.
- [PROMPT_INJECTION]: While the skill ingests and displays external content (the generated report), it does so as its core function.
  - Ingestion points: The `stdout` field from the LinkFox API response.
  - Boundary markers: The skill instructions specify that the Markdown output should be displayed directly to the user.
  - Capability inventory: The skill is restricted to information retrieval and feedback submission.
  - Sanitization: No explicit sanitization is performed on the Markdown; however, the agent is instructed to present the report as-is without secondary analysis, which limits the impact of potential indirect injections.
Audit Metadata