linkfox-shopify-product-query

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install an auxiliary onboarding skill from the vendor's official domain (agent-files.linkfox.com) if authentication issues occur.
  • [COMMAND_EXECUTION]: Includes a Python script (scripts/shopify_product_query.py) that the agent executes to perform API requests, handle response summarization, and manage local caching.
  • [DATA_EXFILTRATION]: Transmits user search parameters and session metadata (such as SESSION_ID and APP_NAME) to the vendor's API gateway (tool-gateway.linkfox.com) and feedback service (skill-api.linkfox.com).
  • [COMMAND_EXECUTION]: The Python script dynamically modifies the module search path (sys.path) at runtime to resolve internal dependencies from a shared directory.
  • [PROMPT_INJECTION]: The skill ingests untrusted product information from Shopify and user-supplied search keys, which are stored in local session files and subsequently processed and displayed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM