linkfox-fastmoss-top-selling

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its data ingestion process.
  • Ingestion points: External product data is retrieved from https://tool-gateway.linkfox.com/fastmoss/productRankTopSelling in the file scripts/fastmoss_product_rank_top_selling.py.
  • Boundary markers: The instructions do not define boundary markers or delimiters to separate the untrusted API content from the agent's core instructions.
  • Capability inventory: The skill performs network operations and data display, potentially allowing malicious content in product titles to influence agent behavior.
  • Sanitization: There is no sanitization or filtering of API-returned strings before they are presented to the agent's context.
  • [DATA_EXFILTRATION]: The skill communicates with vendor-owned domains tool-gateway.linkfox.com (for data) and skill-api.linkfox.com (for feedback). These network operations are aligned with the skill's stated purpose and do not indicate unauthorized data leakage.
  • [COMMAND_EXECUTION]: The Python script scripts/fastmoss_product_rank_top_selling.py is designed to be executed with JSON parameters from the command line. It uses json.loads on its arguments, which is a safe method for handling structured input and prevents shell injection.
  • [CREDENTIALS_UNSAFE]: The skill uses the environment variable LINKFOXAGENT_API_KEY for API authorization. This is a standard and secure practice for managing secrets in agent environments, avoiding hardcoded credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:05 AM