linkfox-shopify-product-query
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install an auxiliary onboarding skill from the vendor's official domain (
agent-files.linkfox.com) if authentication issues occur. - [COMMAND_EXECUTION]: Includes a Python script (
scripts/shopify_product_query.py) that the agent executes to perform API requests, handle response summarization, and manage local caching. - [DATA_EXFILTRATION]: Transmits user search parameters and session metadata (such as SESSION_ID and APP_NAME) to the vendor's API gateway (
tool-gateway.linkfox.com) and feedback service (skill-api.linkfox.com). - [COMMAND_EXECUTION]: The Python script dynamically modifies the module search path (
sys.path) at runtime to resolve internal dependencies from a shared directory. - [PROMPT_INJECTION]: The skill ingests untrusted product information from Shopify and user-supplied search keys, which are stored in local session files and subsequently processed and displayed by the agent.
Audit Metadata