linkfox-etsy-store-query

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a local Python script (scripts/etsy_store_query.py) to process parameters and interact with the LinkFox tool gateway.
  • [EXTERNAL_DOWNLOADS]: To resolve authentication or credit issues, the skill instructs the agent to download a secondary skill (linkfox-onboarding) from agent-files.linkfox.com. This resource is hosted on the vendor's own infrastructure.
  • [DATA_EXPOSURE]: The Python script implements a local logging and caching system that writes API response data and session metadata to a linkfox/ directory within the workspace.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests Etsy store data from an external API, creating a potential surface for indirect prompt injection via the returned content.
  • Ingestion points: Store data is fetched and parsed as JSON within the scripts/etsy_store_query.py script.
  • Boundary markers: No explicit markers are used in the prompt instructions to isolate the external data from the agent's instructions.
  • Capability inventory: The skill has the ability to write files to the workspace (cache) and perform network requests to the vendor's API gateway.
  • Sanitization: The script employs standard JSON parsing using the Python json module, but does not perform additional sanitization on the content values.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM