linkfox-tsearch-web-search
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits search queries and an authentication token to the vendor-controlled domain tool-gateway.linkfox.com. This is the intended behavior for the search service provided by linkfox-ai.
- [COMMAND_EXECUTION]: The skill includes a Python script (scripts/tsearch_web_search.py) that is designed to be executed by the agent. It uses the standard urllib library to facilitate network communication with the search API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes unstructured content from external web pages, which are untrusted sources.
  - Ingestion points: Data from arbitrary websites is retrieved via the API in scripts/tsearch_web_search.py and passed into the agent's context in the searchList[].content field.
  - Boundary markers: Absent. The skill does not define delimiters or provide instructions to ignore commands that may be embedded within the retrieved web content.
  - Capability inventory: The skill has the capability to perform network requests to search and feedback endpoints.
  - Sanitization: Absent. The retrieved content is passed directly to the agent without filtering or escaping potentially malicious instructions.