linkfox-amazon-opportunity-search-by-metrics

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to download and install a secondary skill (linkfox-onboarding) from a vendor-controlled domain (https://agent-files.linkfox.com) if the user encounters authentication or quota errors. This is used for vendor-specific troubleshooting and onboarding.
  • [COMMAND_EXECUTION]: Utilizes a local Python script (scripts/amazon_opportunity_screener.py) to interface with the Amazon Opportunity Screener API. The script handles data fetching, caching, and local file storage of results.
  • [DATA_EXFILTRATION]: The execution script transmits session metadata, including SESSION_ID, MODE_ID, and APP_NAME, via HTTP headers to the vendor's API gateway (tool-gateway.linkfox.com). This data is used for request tracking and session persistence.
  • [PROMPT_INJECTION]: The SKILL.md file contains a directive telling the agent "you cannot give up downloading yourself" (你不能自己放弃下载) when attempting to resolve account issues. This is an instruction intended to guide the agent through a specific error-handling flow.
  • [SAFE]: Credentials are managed securely via environment variables (LINKFOX_AGENT_API_KEY), and output data is restricted to the current project's work directory (linkfox/ subfolder) rather than system-sensitive locations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM