linkfox-seerfar-ozon-keyword-back-search

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate API requests to "tool-gateway.linkfox.com" to fetch Ozon keyword data. This domain is owned by the vendor and is essential for the skill's primary functionality.
  • [COMMAND_EXECUTION]: The skill executes a local Python script "scripts/seerfar_ozon_keyword_back_search.py" to handle API communication. The script is self-contained, uses only standard Python libraries, and does not perform any suspicious sub-process calls.
  • [SAFE]: API authentication is managed through environment variables ("LINKFOX_AGENT_API_KEY"), which is a secure and standard practice for avoiding credential exposure in source code.
  • [SAFE]: The skill implements a structured local caching and data persistence system within the project's "linkfox/" directory, avoiding the use of insecure global temporary folders.
  • [SAFE]: The skill processes data from the Ozon API (such as keyword strings and product titles). While this represents a standard indirect prompt injection surface for any data-retrieval tool, no malicious patterns were detected, and the documentation recommends using structured parsing tools to handle results safely.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM