linkfox-sellersprite-competitor

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes and executes a Python script scripts/sellersprite_competitor_lookup.py to handle query parameters and perform network requests to the SellerSprite API.
  • [DATA_EXFILTRATION]: The script transmits search parameters and receives data from https://tool-gateway.linkfox.com and https://skill-api.linkfox.com. These are the vendor's own domains used for tool functionality and feedback collection.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to the handling of external product data.
      • Ingestion points: scripts/sellersprite_competitor_lookup.py processes product titles, brand names, and category descriptions retrieved from an external API.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill's logic.
      • Capability inventory: The skill environment supports script execution and network access.
      • Sanitization: No evidence of data sanitization or filtering was found for the external product content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 05:32 AM