linkfox-seerfar-ozon-shop-search
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external e-commerce data from the
/seerfar/ozon/shopSearchAPI, creating a surface for potential indirect prompt injection. This is a common characteristic of data-retrieval tools.\n - Ingestion points: API responses containing product metrics and error messages from the
/seerfar/ozon/shopSearchendpoint.\n - Boundary markers: The script and instructions do not define explicit delimiters or 'ignore' instructions for the retrieved content.\n
- Capability inventory: The tool has the capability to write JSON files to the local workspace via the Python execution script.\n
- Sanitization: External API data is parsed as JSON and stored; no secondary sanitization is applied to string fields before display or logging.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a setup package from the vendor's domain at
https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zipif API keys are missing. This download targets the author's own infrastructure for legitimate onboarding purposes.\n- [COMMAND_EXECUTION]: The Python scriptscripts/seerfar_ozon_shop_search.pyis executed to perform network communication with the tool gateway and manage local file operations (caching and data storage) within thelinkfox/directory of the workspace.\n- [CREDENTIALS_UNSAFE]: Authentication is handled by reading theLINKFOX_AGENT_API_KEYorLINKFOXAGENT_API_KEYenvironment variables. This is a secure and standard implementation for injecting secrets into the skill's environment.
Audit Metadata