linkfox-seerfar-ozon-product-detail-search
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Local execution of a Python script to facilitate API communication and data management.\n
- Evidence:
scripts/seerfar_ozon_product_detail_search.pyis invoked to call the Seerfar API and process the results.\n- [EXTERNAL_DOWNLOADS]: Retrieval of data and resources from vendor-managed infrastructure.\n - Evidence: API requests are directed to
tool-gateway.linkfox.comandskill-api.linkfox.com.\n - Evidence:
SKILL.mdcontains instructions to download an onboarding utility fromhttps://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip.\n- [DATA_EXFILTRATION]: Transmission of search parameters and tool feedback to vendor servers.\n - Evidence: Search parameters (SKUs) are sent to the Seerfar endpoint.\n
- Evidence: Usage sentiment and feedback content are transmitted to the LinkFox feedback API.\n- [PROMPT_INJECTION]: Processing of third-party product data creates an indirect injection surface.\n
- Ingestion points: Ozon product metadata such as titles and category paths are fetched and rendered from the Seerfar API.\n
- Boundary markers: None identified in the display rules.\n
- Capability inventory: Subprocess calls for network requests and file writing in
scripts/seerfar_ozon_product_detail_search.py.\n - Sanitization: No explicit sanitization or filtering of external content is specified.
Audit Metadata