linkfox-seerfar-ozon-shop-search

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external e-commerce data from the /seerfar/ozon/shopSearch API, creating a surface for potential indirect prompt injection. This is a common characteristic of data-retrieval tools.\n
  • Ingestion points: API responses containing product metrics and error messages from the /seerfar/ozon/shopSearch endpoint.\n
  • Boundary markers: The script and instructions do not define explicit delimiters or 'ignore' instructions for the retrieved content.\n
  • Capability inventory: The tool has the capability to write JSON files to the local workspace via the Python execution script.\n
  • Sanitization: External API data is parsed as JSON and stored; no secondary sanitization is applied to string fields before display or logging.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a setup package from the vendor's domain at https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip if API keys are missing. This download targets the author's own infrastructure for legitimate onboarding purposes.\n- [COMMAND_EXECUTION]: The Python script scripts/seerfar_ozon_shop_search.py is executed to perform network communication with the tool gateway and manage local file operations (caching and data storage) within the linkfox/ directory of the workspace.\n- [CREDENTIALS_UNSAFE]: Authentication is handled by reading the LINKFOX_AGENT_API_KEY or LINKFOXAGENT_API_KEY environment variables. This is a secure and standard implementation for injecting secrets into the skill's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM