linkfox-amazon-search

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill communicates with the vendor's infrastructure at tool-gateway.linkfox.com to fetch search results and skill-api.linkfox.com for telemetry. These operations are consistent with the skill's stated purpose and use legitimate vendor domains.
  • [CREDENTIALS_UNSAFE]: Authentication is handled via the LINKFOXAGENT_API_KEY environment variable in scripts/amazon_search.py, which is a secure method for managing sensitive credentials without hardcoding them in the source.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from third-party Amazon search results via the API.
      1. Ingestion points: The products array returned by the API in scripts/amazon_search.py.
      2. Boundary markers: Absent; the data is displayed directly to the user.
      3. Capability inventory: The skill only prints data to the standard output and lacks capabilities for file system access, network operations beyond the gateway, or command execution.
      4. Sanitization: Absent.
    This indirect prompt injection surface is considered low-risk given the lack of dangerous capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 07:07 AM