linkfox-walmart-search
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to the vendor's API gateway (tool-gateway.linkfox.com) to retrieve Walmart product data. These operations are essential for the skill's search functionality and are limited to the documented endpoints.\n- [CREDENTIALS_UNSAFE]: The skill follows security best practices by retrieving the API key from the environment variable LINKFOXAGENT_API_KEY. It does not contain any hardcoded secrets or credentials.\n- [PROMPT_INJECTION]: The skill processes search results from Walmart's marketplace, creating a surface for potential indirect prompt injection.\n
- Ingestion points: Data including product titles and descriptions enter the context via search results in scripts/walmart_search.py.\n
- Boundary markers: None. Results are returned as raw JSON and displayed without delimiters that would signal the agent to ignore embedded instructions.\n
- Capability inventory: The skill is limited to calling the vendor's search API and printing data; it has no capabilities for file system modification or general command execution.\n
- Sanitization: The skill does not sanitize or filter product metadata before presenting it to the agent context.
Audit Metadata