linkfox-amazon-store-feeds

Warn

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/response_io.py uses subprocess.run to execute other Python scripts. It accepts a path via the --script argument and resolves it without restriction, allowing the execution of any file on the system as a Python script.\n- [DATA_EXFILTRATION]: scripts/upload_feed_document.py can read local files from a path provided in its input parameters and upload the content to an arbitrary remote URL via an HTTP PUT request. This capability could be exploited for data exfiltration if an attacker influences the file path and destination URL.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's API gateway at https://tool-gateway.linkfox.com and performs data uploads to external, user-specified Amazon document URLs.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes data from external API responses and local files, which is subsequently returned to the agent context without sanitization.\n
  • Ingestion points: External API responses from the SP-API gateway and content from local files read by upload_feed_document.py.\n
  • Boundary markers: None identified; data is presented to the agent as part of the tool's standard output or within the response_io.py preview block.\n
  • Capability inventory: Arbitrary script execution via subprocess.run, file system read/write access, and outbound network communication.\n
  • Sanitization: No evidence of filtering, escaping, or validation of ingested content is present.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 30, 2026, 12:05 AM