Skills
skills/linkfox-ai/linkfox-skills/linkfox-eureka-description/Gen Agent Trust Hub

linkfox-eureka-description

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes technical documentation from an external source.
  • Ingestion points: Technical patent description data is retrieved via the https://tool-gateway.linkfox.com/eureka/descriptionData API, as implemented in scripts/eureka_description.py and references/api.md.
  • Boundary markers: Absent. The instructions in SKILL.md do not recommend wrapping the retrieved patent text in delimiters or providing warnings to ignore instructions embedded within the technical content.
  • Capability inventory: The skill includes network read operations and telemetry reporting via the Feedback API; it does not perform file system writes or execute arbitrary system commands.
  • Sanitization: No sanitization, filtering, or validation of the API-returned content is specified in the documentation or the retrieval script.
  • [DATA_EXFILTRATION]: The skill performs network operations to vendor-specific domains.
  • It sends requests to tool-gateway.linkfox.com to fetch data and skill-api.linkfox.com for feedback reporting. Both domains are associated with the skill's author, linkfox-ai.
  • The skill correctly handles sensitive credentials by reading the LINKFOXAGENT_API_KEY from environment variables rather than hardcoding secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 05:32 AM