Skills
skills/linkfox-ai/linkfox-skills/linkfox-youying-shopee-product-search/Gen Agent Trust Hub

linkfox-youying-shopee-product-search

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill utilizes the LINKFOXAGENT_API_KEY for authentication. It correctly directs users to manage this credential via environment variables rather than hardcoding it, adhering to standard security practices for secret management.
  • [COMMAND_EXECUTION]: The provided script scripts/youying_shopee_search.py is a utility for making authenticated POST requests to the LinkFox tool gateway. It does not perform any suspicious command execution or local system modifications beyond its intended purpose of fetching product data.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted product titles and descriptions from Shopee.
  • Ingestion points: Product data is fetched from the vendor's API endpoint defined in references/api.md.
  • Boundary markers: None are defined in the instructions for the agent when processing external product content.
  • Capability inventory: The skill has the ability to execute network requests via scripts/youying_shopee_search.py and display formatted output to the user.
  • Sanitization: There is no explicit sanitization logic described for the external product text strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 05:32 AM