linkfox-seerfar-ozon-product-detail-search

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Local execution of a Python script to facilitate API communication and data management.\n
  • Evidence: scripts/seerfar_ozon_product_detail_search.py is invoked to call the Seerfar API and process the results.\n- [EXTERNAL_DOWNLOADS]: Retrieval of data and resources from vendor-managed infrastructure.\n
  • Evidence: API requests are directed to tool-gateway.linkfox.com and skill-api.linkfox.com.\n
  • Evidence: SKILL.md contains instructions to download an onboarding utility from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip.\n- [DATA_EXFILTRATION]: Transmission of search parameters and tool feedback to vendor servers.\n
  • Evidence: Search parameters (SKUs) are sent to the Seerfar endpoint.\n
  • Evidence: Usage sentiment and feedback content are transmitted to the LinkFox feedback API.\n- [PROMPT_INJECTION]: Processing of third-party product data creates an indirect injection surface.\n
  • Ingestion points: Ozon product metadata such as titles and category paths are fetched and rendered from the Seerfar API.\n
  • Boundary markers: None identified in the display rules.\n
  • Capability inventory: Subprocess calls for network requests and file writing in scripts/seerfar_ozon_product_detail_search.py.\n
  • Sanitization: No explicit sanitization or filtering of external content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM