linkfox-fastmoss-product-search

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches TikTok product data from the LinkFox tool gateway at tool-gateway.linkfox.com.
  • [DATA_EXFILTRATION]: The skill transmits usage telemetry and sentiment-based feedback to the LinkFox feedback endpoint at skill-api.linkfox.com.
  • [PROMPT_INJECTION]: The processing of external marketplace data such as product titles and shop names establishes an indirect prompt injection surface.
  • [PROMPT_INJECTION]: Ingestion points: Product titles, descriptions, and category names are retrieved from the fastmoss/productSearch API (SKILL.md, references/api.md).
  • [PROMPT_INJECTION]: Boundary markers: The instructions do not define delimiters or specific 'ignore' warnings for the data being processed.
  • [PROMPT_INJECTION]: Capability inventory: The skill utilizes network requests to vendor APIs and execution of local Python scripts (scripts/fastmoss_product_search.py).
  • [PROMPT_INJECTION]: Sanitization: No sanitization or output validation mechanisms are specified for handling the retrieved product data before it is presented to the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 05:32 AM