linkfox-amazon-store-uploads
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
_spapi_uploads_common.pyexecutes a local dependency checker script usingsubprocess.run. This is a standard practice within the LinkFox skill ecosystem to ensure prerequisite skills are available. - [COMMAND_EXECUTION]: The utility script
response_io.pyacts as a wrapper that executes other skill scripts viasubprocess.run. It is used to persist large API responses to disk and selectively read fields, which helps prevent agent context overflow. The execution is limited to local scripts provided with the skill. - [DATA_EXFILTRATION]: The skill reads local file contents and uploads them to Amazon-provided URLs. This behavior is the primary stated purpose of the skill (Amazon Store Uploads) and is triggered by specific user requests to upload content. Communications are routed through the developer's proxy at
tool-gateway.linkfox.com. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to the LinkFox developer gateway and to Amazon's upload destinations. These are expected for the skill's functionality and target well-known or vendor-owned domains.
Audit Metadata