linkfox-shopee-store-first-mile
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
_shopee_first_mile_common.pyusessubprocess.runto execute a local dependency checker script (check_auth_dependency.py). This is used solely for internal integrity checks to ensure necessary sibling skills are installed and does not process any untrusted external input. - [EXTERNAL_DOWNLOADS]:
SKILL.mdprovides a link to download an onboarding package fromagent-files.linkfox.com. This is a vendor-controlled domain used for legitimate skill setup and configuration. - [DATA_EXFILTRATION]: The skill communicates with
tool-gateway.linkfox.comandskill-api.linkfox.comto perform Shopee API operations and send feedback. These are vendor-owned domains and are required for the skill's primary functionality. - [CREDENTIALS_UNSAFE]: The skill correctly retrieves authentication tokens from environment variables (
LINKFOX_AGENT_API_KEY) and does not contain any hardcoded secrets or sensitive information.
Audit Metadata