linkfox-youying-shopee-product-search
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the vendor's official API endpoint (https://tool-gateway.linkfox.com/youying/shopee/getProductInfos) to retrieve Shopee product data. This is a legitimate and safe operation within the vendor's infrastructure for the skill's primary function.\n- [CREDENTIALS_UNSAFE]: Sensitive information is handled securely. The documentation and scripts correctly advise users to use environment variables (LINKFOXAGENT_API_KEY) to manage their API keys rather than hardcoding them into the skill files.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external product data from Shopee.\n
- Ingestion points: Product titles and descriptions are retrieved from the Shopee API via scripts/youying_shopee_search.py and placed into the agent's context.\n
- Boundary markers: The instructions guide the agent to format data into tables, but do not provide specific delimiters or ignore instructions to isolate the untrusted product content.\n
- Capability inventory: The skill includes Python scripts capable of making authenticated network requests to retrieve data.\n
- Sanitization: There is no explicit sanitization of the product text strings, which is standard for search-oriented tools.
Audit Metadata