linkfox-tsearch-search
Warn
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
SKILL.mdfile contains instructions for the agent to download a compressed archive fromhttps://agent-files.linkfox.com/skills/linkfox-onboarding/release.zipas a contingency for authentication issues. - [REMOTE_CODE_EXECUTION]: The skill documentation directs the agent to install the onboarding skill retrieved from a remote URL. This process of fetching and loading external logic into the agent's environment constitutes a remote code execution vector.
- [DATA_EXFILTRATION]: The Python script
tsearch_web_search.pytransmits session identifiers (SESSION_ID,MODE_ID,APP_NAME) to the vendor's infrastructure attool-gateway.linkfox.com. It also accesses API keys stored in environment variables. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from malicious search results. Ingestion points: External content is ingested via the
contentfield inscripts/tsearch_web_search.py. Boundary markers: The instructions lack markers or warnings and instead command the agent to summarize content directly without using a data analysis sandbox. Capability inventory: The skill can perform file system writes and network operations. Sanitization: There is no implementation for filtering or sanitizing the retrieved web content.
Audit Metadata