linkfox-amazon-store-customer-feedback
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto call an internal script (check_auth_dependency.py) for verifying that the prerequisite authentication skill is installed. This execution is limited to a specific file within the skill's package. - [EXTERNAL_DOWNLOADS]: The skill connects to
tool-gateway.linkfox.comto facilitate communication with the Amazon Selling Partner API. This endpoint is part of the vendor's documented infrastructure. - [DATA_EXFILTRATION]: The skill transmits necessary session tokens and store identifiers to the vendor's API gateway. This is the intended function of the tool and is performed via secure HTTPS requests.
- [PROMPT_INJECTION]: The skill processes external data from Amazon API responses which acts as an indirect prompt injection surface.
- Ingestion points: External data is ingested from the Amazon SP-API via
scripts/_spapi_customer_feedback_common.py. - Boundary markers: Not present.
- Capability inventory: Subprocess calls (restricted) and local file writing.
- Sanitization: Not present.
Audit Metadata