linkfox-junglescout-keyword-by-asin
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by retrieving the required API key from the `LINKFOXAGENT_API_KEY` environment variable instead of using hardcoded secrets.
- [DATA_EXFILTRATION]: The skill transmits ASIN data and receives keyword metrics from `tool-gateway.linkfox.com`. It also includes a feedback mechanism that sends usage telemetry to `skill-api.linkfox.com`. These operations are documented as part of the tool's functionality and target the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The logic is implemented in a Python script that uses standard library modules for networking and data handling. It does not invoke shell commands, spawn subprocesses, or perform other high-risk system operations.
- [SAFE]: The skill processes external data returned from the tool gateway API. While this represents a potential surface for indirect prompt injection, the risk is mitigated by the skill's limited capabilities and the use of a controlled vendor data source.
- Ingestion points: Keyword metadata and metrics returned from the Jungle Scout tool gateway API.
- Boundary markers: Not present in the current implementation.
- Capability inventory: Outbound network requests to vendor APIs via `urllib.request`.
- Sanitization: The script performs standard JSON parsing and validates marketplace and ASIN count constraints.
Audit Metadata