The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/get_report.py uses subprocess.run to execute a local helper script, scripts/check_auth_dependency.py. This is used to verify the presence of the required authentication skill before proceeding with API calls. The command is executed with a fixed list of arguments and does not use a shell, minimizing injection risks.
[EXTERNAL_DOWNLOADS]: The skill requests report URLs from https://tool-gateway.linkfox.com and subsequently downloads report data from Amazon's servers. These downloads are central to the skill's primary function of report retrieval.
[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data in the form of downloaded Amazon reports and previews the first few lines to the agent context in scripts/get_report.py. While this creates a potential surface for indirect injection if a report contains malicious instructions, the risk is inherent to data-processing tasks and is mitigated by the structured nature of the expected input.
[DYNAMIC_EXECUTION]: The script scripts/get_report.py starts a temporary local HTTP server on 127.0.0.1 to serve the extracted report file to the user's browser. This server is restricted to serving only the specific report file and is intended to improve the user experience for cross-platform report access.

linkfox-amazon-store-report