linkfox-mpstats-ozon-product-search
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instruction overrides or safety bypass attempts were detected in the skill's description or implementation.
- [DATA_EXFILTRATION]: No patterns of sensitive data harvesting or unauthorized exfiltration were found. The skill correctly instructs the agent to retrieve the API key from a secure environment variable (
LINKFOXAGENT_API_KEY) rather than hardcoding credentials. Network operations are directed solely to official vendor domains (linkfox.com). - [REMOTE_CODE_EXECUTION]: The skill does not download or execute scripts from remote servers. The provided Python script uses standard libraries for networking and data processing.
- [COMMAND_EXECUTION]: The script performs controlled shell execution for the specific purpose of API interaction, with no exposure to arbitrary system commands.
- [INDIRECT_PROMPT_INJECTION]: The skill has a low attack surface for indirect injection as it ingests data from an external API (product titles, seller names). However, the skill lacks high-privilege capabilities that would make such an injection exploitable, and no specific vulnerabilities were identified.
- [OBFUSCATION]: All instructions and code are provided in plain text. No Base64, zero-width characters, or homoglyph-based obfuscation techniques were detected.
Audit Metadata