linkfox-sif-keyword-traffic

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill sends query parameters to a vendor-owned endpoint (tool-gateway.linkfox.com) used for the skill's primary function. This is standard behavior for this type of tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external sources (Amazon product listings via API) which could theoretically contain malicious instructions embedded by third parties.
  • Ingestion points: API responses processed in scripts/sif_keyword_traffic.py containing fields like productTitle and productFeatures.
  • Boundary markers: No explicit delimiters are used to wrap external content in the instructions.
  • Capability inventory: The skill is limited to making network requests to the vendor's API.
  • Sanitization: The script performs input validation on parameters, though no specific sanitization of the returned data is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:54 AM