linkfox-sif-keyword-traffic
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill sends query parameters to a vendor-owned endpoint (tool-gateway.linkfox.com) used for the skill's primary function. This is standard behavior for this type of tool.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external sources (Amazon product listings via API) which could theoretically contain malicious instructions embedded by third parties.
- Ingestion points: API responses processed in
scripts/sif_keyword_traffic.pycontaining fields likeproductTitleandproductFeatures. - Boundary markers: No explicit delimiters are used to wrap external content in the instructions.
- Capability inventory: The skill is limited to making network requests to the vendor's API.
- Sanitization: The script performs input validation on parameters, though no specific sanitization of the returned data is mentioned.
Audit Metadata