linkfox-fastmoss-top-selling
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its data ingestion process.
- Ingestion points: External product data is retrieved from
https://tool-gateway.linkfox.com/fastmoss/productRankTopSellingin the filescripts/fastmoss_product_rank_top_selling.py. - Boundary markers: The instructions do not define boundary markers or delimiters to separate the untrusted API content from the agent's core instructions.
- Capability inventory: The skill performs network operations and data display, potentially allowing malicious content in product titles to influence agent behavior.
- Sanitization: There is no sanitization or filtering of API-returned strings before they are presented to the agent's context.
- [DATA_EXFILTRATION]: The skill communicates with vendor-owned domains
tool-gateway.linkfox.com(for data) andskill-api.linkfox.com(for feedback). These network operations are aligned with the skill's stated purpose and do not indicate unauthorized data leakage. - [COMMAND_EXECUTION]: The Python script
scripts/fastmoss_product_rank_top_selling.pyis designed to be executed with JSON parameters from the command line. It usesjson.loadson its arguments, which is a safe method for handling structured input and prevents shell injection. - [CREDENTIALS_UNSAFE]: The skill uses the environment variable
LINKFOXAGENT_API_KEYfor API authorization. This is a standard and secure practice for managing secrets in agent environments, avoiding hardcoded credentials.
Audit Metadata