linkfox-jiimore-niche-by-asin

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to vendor-controlled API endpoints at tool-gateway.linkfox.com and skill-api.linkfox.com to retrieve market data and handle user feedback.
  • [COMMAND_EXECUTION]: A Python script (scripts/jiimore_page_asins_by_asin.py) is used to execute API queries, processing user-provided JSON parameters for market analysis.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting and processing untrusted Amazon product metadata, such as titles and brand names.
  • Ingestion points: External data enters the agent's context through the JSON output of the jiimore_page_asins_by_asin.py script.
  • Boundary markers: The instructions mandate structured tabular displays for retrieved data but do not specify explicit delimiters or warnings to ignore embedded instructions within the ingested content.
  • Capability inventory: The skill possesses capabilities for local script execution and network communication but lacks file-system modification or sensitive data access rights.
  • Sanitization: The skill does not explicitly describe sanitization or filtering procedures for the product metadata retrieved from the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:05 AM