linkfox-eureka-description-translated
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/eureka_description_translated.py) to perform API requests. The script uses standard libraries and validates parameters before execution.
- [DATA_EXFILTRATION]: The skill communicates with official vendor domains (tool-gateway.linkfox.com and skill-api.linkfox.com) to fetch patent data and submit feedback. Access is authenticated via an environment-stored API key, following security best practices.
- [PROMPT_INJECTION]: The skill processes patent descriptions from a technical database. While it functions as a data ingestion surface, the risk of indirect prompt injection is negligible due to the nature of the data source and the vendor's ownership of the infrastructure. 1. Ingestion points: API responses processed in scripts/eureka_description_translated.py. 2. Boundary markers: None. 3. Capability inventory: Execution of Python scripts for data retrieval. 4. Sanitization: None.
- [SAFE]: No evidence of obfuscation, privilege escalation, or unauthorized access to sensitive local files was found.
Audit Metadata