linkfox-echotik-batch-product-detail

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an onboarding package from 'https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip' if authentication keys are missing. This domain is managed by the skill's vendor and is used for setup guidance.
  • [COMMAND_EXECUTION]: The skill executes a Python script 'scripts/echotik_batch_product_detail.py' to interface with the backend API. The script utilizes the standard library's 'urllib' module for network requests and 'os' for file system operations.
  • [DATA_EXFILTRATION]: The skill reads 'LINKFOX_AGENT_API_KEY' from the environment and transmits it to 'tool-gateway.linkfox.com'. This behavior is the intended method for authenticating with the vendor's data service.
  • [SAFE]: Analysis of the source code and instructions reveals no evidence of prompt injection, obfuscation, privilege escalation, or persistence mechanisms. The file writing operations are restricted to structured project directories.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM