linkfox-amazon-store-customer-feedback

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call an internal script (check_auth_dependency.py) for verifying that the prerequisite authentication skill is installed. This execution is limited to a specific file within the skill's package.
  • [EXTERNAL_DOWNLOADS]: The skill connects to tool-gateway.linkfox.com to facilitate communication with the Amazon Selling Partner API. This endpoint is part of the vendor's documented infrastructure.
  • [DATA_EXFILTRATION]: The skill transmits necessary session tokens and store identifiers to the vendor's API gateway. This is the intended function of the tool and is performed via secure HTTPS requests.
  • [PROMPT_INJECTION]: The skill processes external data from Amazon API responses which acts as an indirect prompt injection surface.
  • Ingestion points: External data is ingested from the Amazon SP-API via scripts/_spapi_customer_feedback_common.py.
  • Boundary markers: Not present.
  • Capability inventory: Subprocess calls (restricted) and local file writing.
  • Sanitization: Not present.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM