linkfox-amazon-store-feeds
Warn
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The helper script
scripts/response_io.pyusessubprocess.runto execute other Python scripts. It accepts a path via the--scriptargument and resolves it without restriction, allowing the execution of any file on the system as a Python script.\n- [DATA_EXFILTRATION]:scripts/upload_feed_document.pycan read local files from a path provided in its input parameters and upload the content to an arbitrary remote URL via an HTTP PUT request. This capability could be exploited for data exfiltration if an attacker influences the file path and destination URL.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's API gateway athttps://tool-gateway.linkfox.comand performs data uploads to external, user-specified Amazon document URLs.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes data from external API responses and local files, which is subsequently returned to the agent context without sanitization.\n - Ingestion points: External API responses from the SP-API gateway and content from local files read by
upload_feed_document.py.\n - Boundary markers: None identified; data is presented to the agent as part of the tool's standard output or within the
response_io.pypreview block.\n - Capability inventory: Arbitrary script execution via
subprocess.run, file system read/write access, and outbound network communication.\n - Sanitization: No evidence of filtering, escaping, or validation of ingested content is present.
Audit Metadata