linkfox-seerfar-ozon-keyword-back-search
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs legitimate API requests to "tool-gateway.linkfox.com" to fetch Ozon keyword data. This domain is owned by the vendor and is essential for the skill's primary functionality.
- [COMMAND_EXECUTION]: The skill executes a local Python script "scripts/seerfar_ozon_keyword_back_search.py" to handle API communication. The script is self-contained, uses only standard Python libraries, and does not perform any suspicious sub-process calls.
- [SAFE]: API authentication is managed through environment variables ("LINKFOX_AGENT_API_KEY"), which is a secure and standard practice for avoiding credential exposure in source code.
- [SAFE]: The skill implements a structured local caching and data persistence system within the project's "linkfox/" directory, avoiding the use of insecure global temporary folders.
- [SAFE]: The skill processes data from the Ozon API (such as keyword strings and product titles). While this represents a standard indirect prompt injection surface for any data-retrieval tool, no malicious patterns were detected, and the documentation recommends using structured parsing tools to handle results safely.
Audit Metadata