linkfox-ehunt-etsy-store-query

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests to the vendor's official API gateway at https://tool-gateway.linkfox.com. This communication is required for the skill's primary function and targets the vendor's own infrastructure.
  • [CREDENTIALS_UNSAFE]: The skill correctly manages authentication by instructing the user to provide an API key via an environment variable (LINKFOXAGENT_API_KEY), which is a secure and standard practice for sensitive credentials.
  • [PROMPT_INJECTION]: The skill processes data from Etsy stores (such as names and categories) which represents a potential surface for indirect prompt injection.
  • Ingestion points: Data is ingested via the _ehunt_storeQuery API response (see references/api.md).
  • Boundary markers: None explicitly defined in the instructions.
  • Capability inventory: The skill includes a Python script (scripts/ehunt_etsy_store_query.py) that can perform network operations and execute as a subprocess.
  • Sanitization: No explicit sanitization or filtering is performed on the incoming store data before being presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:05 AM