linkfox-sif-keyword-overview

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/sif_keyword_overview.py to process user queries and interact with the LinkFox API. This script is well-structured and performs input validation on the keyword and country parameters.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to https://tool-gateway.linkfox.com/sif/keywordOverview to fetch market data and https://skill-api.linkfox.com/api/v1/public/feedback to report usage feedback. These endpoints are owned by the skill's vendor and represent the primary intended functionality of the skill.
  • [DATA_EXPOSURE]: The skill utilizes an environment variable LINKFOXAGENT_API_KEY for API authentication. This is a standard and recommended practice for managing secrets in AI agent environments, and there is no evidence of this key being transmitted to unauthorized third parties.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing user-supplied keywords and rendering data from an external API.
      • Ingestion points: The keyword parameter is accepted via user input and passed to the API call in scripts/sif_keyword_overview.py.
      • Boundary markers: There are no explicit boundary markers or instructions in SKILL.md directing the agent to ignore potential instructions embedded within the keywords or the resulting API response.
      • Capability inventory: The skill includes network access via Python's urllib library in scripts/sif_keyword_overview.py.
      • Sanitization: The script implements basic length validation (1000 characters) and standard JSON serialization for the API payload, which mitigates simple injection attempts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 11:55 AM