linkfox-eureka-claim-data

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface\n
  • Ingestion points: Patent claim data is fetched from an external API and processed by the agent in scripts/eureka_claim_data.py.\n
  • Boundary markers: The instructions do not specify delimiters to separate untrusted claim text from agent instructions.\n
  • Capability inventory: The skill executes a Python script that performs network requests to verified vendor endpoints.\n
  • Sanitization: No sanitization is performed on retrieved patent text before it is presented to the agent.\n- [SAFE]: Credential Security\n
  • The skill correctly manages authentication by retrieving the API key from an environment variable rather than using hardcoded values.\n- [SAFE]: Verified Domains\n
  • All API and documentation links point to official vendor domains or established enterprise services (linkfox.com and feishu.cn), mitigating the risk of data exfiltration.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:05 AM