linkfox-eureka-claim-data
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface\n
- Ingestion points: Patent claim data is fetched from an external API and processed by the agent in
scripts/eureka_claim_data.py.\n - Boundary markers: The instructions do not specify delimiters to separate untrusted claim text from agent instructions.\n
- Capability inventory: The skill executes a Python script that performs network requests to verified vendor endpoints.\n
- Sanitization: No sanitization is performed on retrieved patent text before it is presented to the agent.\n- [SAFE]: Credential Security\n
- The skill correctly manages authentication by retrieving the API key from an environment variable rather than using hardcoded values.\n- [SAFE]: Verified Domains\n
- All API and documentation links point to official vendor domains or established enterprise services (linkfox.com and feishu.cn), mitigating the risk of data exfiltration.
Audit Metadata