linkfox-amazon-store-uploads

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script _spapi_uploads_common.py executes a local dependency checker script using subprocess.run. This is a standard practice within the LinkFox skill ecosystem to ensure prerequisite skills are available.
  • [COMMAND_EXECUTION]: The utility script response_io.py acts as a wrapper that executes other skill scripts via subprocess.run. It is used to persist large API responses to disk and selectively read fields, which helps prevent agent context overflow. The execution is limited to local scripts provided with the skill.
  • [DATA_EXFILTRATION]: The skill reads local file contents and uploads them to Amazon-provided URLs. This behavior is the primary stated purpose of the skill (Amazon Store Uploads) and is triggered by specific user requests to upload content. Communications are routed through the developer's proxy at tool-gateway.linkfox.com.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to the LinkFox developer gateway and to Amazon's upload destinations. These are expected for the skill's functionality and target well-known or vendor-owned domains.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:04 AM