linkfox-lanjing-mercado-product-selection

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an onboarding package from the vendor's official domain at https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip to resolve configuration issues.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/linkfox_lanjing_mercado_product_selection.py) to perform API calls and process data results.
  • [DATA_EXFILTRATION]: The script transmits authentication tokens (API keys) and user-provided query parameters to the LinkFox gateway at tool-gateway.linkfox.com.
  • [DATA_EXFILTRATION]: The script persists the full content of API responses to the local file system in a directory named linkfox within the project root for logging and caching purposes.
  • [PROMPT_INJECTION]: The skill processes data from external Mercado Libre listings (such as titles and reviews) which represents an indirect prompt injection surface.
  • Ingestion points: API responses containing item details and reviews are processed in scripts/linkfox_lanjing_mercado_product_selection.py.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when presenting retrieved data.
  • Capability inventory: The execution script possesses network access and file system write capabilities.
  • Sanitization: No explicit validation or filtering of the retrieved data content is performed before presentation to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM