linkfox-jiimore-niche-info

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to https://tool-gateway.linkfox.com to retrieve market data and https://skill-api.linkfox.com for feedback reporting. These are official vendor endpoints for 'linkfox-ai' and are used as intended for the skill's primary function.
  • [CREDENTIALS_UNSAFE]: Authentication is handled correctly via the LINKFOXAGENT_API_KEY environment variable. The skill provides clear instructions for users to set this variable themselves, avoiding hardcoded secrets.
  • [COMMAND_EXECUTION]: The Python script jiimore_get_niche_info.py uses standard libraries (urllib, json) to perform its tasks and does not involve arbitrary command execution or shell spawning.
  • [DATA_EXPOSURE]: While the skill retrieves external data, it does not access sensitive local files (such as SSH keys or AWS credentials) or exfiltrate private user information.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from an external API (jiimore/getNicheInfo) and presents it to the user.
      • Ingestion points: Data enters the agent context from the JSON response of the Jiimore API, specifically fields like nicheTitle and positiveCustomerReviewInsights.
      • Boundary markers: None explicitly defined in the instructions to separate API data from instructions.
      • Capability inventory: The skill is limited to displaying structured data and images in the chat interface.
      • Sanitization: The Python script parses the response as JSON but does not perform content sanitization. However, given the structured nature of the data and limited capabilities, the risk is minimal.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 05:32 AM