linkfox-eureka-abstract-translated
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it retrieves and processes external patent data.
- Ingestion points: The skill fetches patent titles and abstracts from the vendor's API at tool-gateway.linkfox.com.
- Boundary markers: The instructions specify clear display rules for the agent but do not mandate explicit boundary markers (e.g., XML tags) for the retrieved text to prevent it from being interpreted as instructions.
- Capability inventory: The skill is capable of performing network operations and file/script execution to facilitate data retrieval.
- Sanitization: The provided Python script uses standard JSON parsing, but no content filtering or sanitization of the retrieved patent text is performed prior to display.
- [COMMAND_EXECUTION]: The skill includes a Python script (
scripts/eureka_abstract_translated.py) used to communicate with the Eureka API. The script uses the Python standard library and follows safe practices for handling command-line arguments and API keys. - [CREDENTIALS_UNSAFE]: The skill manages authentication using the
LINKFOXAGENT_API_KEYenvironment variable. This is consistent with industry best practices for secret management in agentic environments. - [EXTERNAL_REFERENCE]: The skill references an external Feishu Wiki URL for user documentation and API key registration, which is a legitimate part of the skill's setup process.
Audit Metadata