linkfox-etsy-store-query
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (
scripts/etsy_store_query.py) to process parameters and interact with the LinkFox tool gateway. - [EXTERNAL_DOWNLOADS]: To resolve authentication or credit issues, the skill instructs the agent to download a secondary skill (
linkfox-onboarding) fromagent-files.linkfox.com. This resource is hosted on the vendor's own infrastructure. - [DATA_EXPOSURE]: The Python script implements a local logging and caching system that writes API response data and session metadata to a
linkfox/directory within the workspace. - [INDIRECT_PROMPT_INJECTION]: The skill ingests Etsy store data from an external API, creating a potential surface for indirect prompt injection via the returned content.
- Ingestion points: Store data is fetched and parsed as JSON within the
scripts/etsy_store_query.pyscript. - Boundary markers: No explicit markers are used in the prompt instructions to isolate the external data from the agent's instructions.
- Capability inventory: The skill has the ability to write files to the workspace (cache) and perform network requests to the vendor's API gateway.
- Sanitization: The script employs standard JSON parsing using the Python
jsonmodule, but does not perform additional sanitization on the content values.
Audit Metadata