linkfox-lanjing-mercado-product-selection
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an onboarding package from the vendor's official domain at https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip to resolve configuration issues.
- [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/linkfox_lanjing_mercado_product_selection.py) to perform API calls and process data results.
- [DATA_EXFILTRATION]: The script transmits authentication tokens (API keys) and user-provided query parameters to the LinkFox gateway at tool-gateway.linkfox.com.
- [DATA_EXFILTRATION]: The script persists the full content of API responses to the local file system in a directory named linkfox within the project root for logging and caching purposes.
- [PROMPT_INJECTION]: The skill processes data from external Mercado Libre listings (such as titles and reviews) which represents an indirect prompt injection surface.
- Ingestion points: API responses containing item details and reviews are processed in scripts/linkfox_lanjing_mercado_product_selection.py.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when presenting retrieved data.
- Capability inventory: The execution script possesses network access and file system write capabilities.
- Sanitization: No explicit validation or filtering of the retrieved data content is performed before presentation to the agent context.
Audit Metadata