linkfox-eureka-bibliography
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests patent titles and abstracts from an external API, representing a surface for indirect prompt injection.
  - Ingestion points: Data retrieved from vendor endpoints in scripts/eureka_bibliography.py.
  - Boundary markers: No specific delimiters or safety instructions are used to wrap external content in the output.
  - Capability inventory: The skill has network access and file-read capabilities (to access environment variables).
  - Sanitization: There is no filtering or validation of the retrieved bibliographic content before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill performs network operations to tool-gateway.linkfox.com and skill-api.linkfox.com. These are legitimate vendor-controlled domains used for their intended purpose, and no sensitive local data is transmitted.
- [CREDENTIALS_UNSAFE]: API authentication is handled securely via the LINKFOXAGENT_API_KEY environment variable, avoiding the risk of hardcoded credentials.
Audit Metadata