linkfox-shopee-store-first-mile

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script _shopee_first_mile_common.py uses subprocess.run to execute a local dependency checker script (check_auth_dependency.py). This is used solely for internal integrity checks to ensure necessary sibling skills are installed and does not process any untrusted external input.
  • [EXTERNAL_DOWNLOADS]: SKILL.md provides a link to download an onboarding package from agent-files.linkfox.com. This is a vendor-controlled domain used for legitimate skill setup and configuration.
  • [DATA_EXFILTRATION]: The skill communicates with tool-gateway.linkfox.com and skill-api.linkfox.com to perform Shopee API operations and send feedback. These are vendor-owned domains and are required for the skill's primary functionality.
  • [CREDENTIALS_UNSAFE]: The skill correctly retrieves authentication tokens from environment variables (LINKFOX_AGENT_API_KEY) and does not contain any hardcoded secrets or sensitive information.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM