linkfox-jiimore-niche-by-asin
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to vendor-controlled API endpoints at
tool-gateway.linkfox.comandskill-api.linkfox.comto retrieve market data and handle user feedback. - [COMMAND_EXECUTION]: A Python script (
scripts/jiimore_page_asins_by_asin.py) is used to execute API queries, processing user-provided JSON parameters for market analysis. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting and processing untrusted Amazon product metadata, such as titles and brand names.
- Ingestion points: External data enters the agent's context through the JSON output of the
jiimore_page_asins_by_asin.pyscript. - Boundary markers: The instructions mandate structured tabular displays for retrieved data but do not specify explicit delimiters or warnings to ignore embedded instructions within the ingested content.
- Capability inventory: The skill possesses capabilities for local script execution and network communication but lacks file-system modification or sensitive data access rights.
- Sanitization: The skill does not explicitly describe sanitization or filtering procedures for the product metadata retrieved from the external API.
Audit Metadata