The Agent Skills Directory

[PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface due to the ingestion of external data. -- Ingestion points: The agent displays product information such as productName and title retrieved from the EchoTik API, as defined in references/api.md. -- Boundary markers: SKILL.md lacks specific delimiters or instructions to treat the API-provided product data as untrusted or to ignore instructions potentially embedded within those strings. -- Capability inventory: The skill has the capability to perform network requests and access the LINKFOXAGENT_API_KEY environment variable via scripts/echotik_list_product.py. -- Sanitization: There is no evidence of sanitization or validation performed on the external product data before it is rendered by the agent.
[DATA_EXFILTRATION]: The skill performs network requests to the vendor's tool gateway at tool-gateway.linkfox.com to fetch product metrics. These operations are consistent with the skill's stated purpose and target vendor-controlled infrastructure.

linkfox-echotik-product-search