linkfox-zhihuiya-claim-data
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a Python script (scripts/zhihuiya_claim_data.py) to handle parameters and execute network requests to the database API.
- [DATA_EXFILTRATION]: The skill transmits patent identifiers and feedback data to vendor-controlled endpoints at tool-gateway.linkfox.com and skill-api.linkfox.com. These operations are consistent with the skill's documented functionality and author context.
- [PROMPT_INJECTION]: The skill processes external patent claim data, which presents an inherent surface for indirect prompt injection. 1. Ingestion points: Patent claims retrieved from the Zhihuiya API via scripts/zhihuiya_claim_data.py. 2. Boundary markers: Absent; no specific delimiters or warnings are used to isolate the data. 3. Capability inventory: Network access via urllib.request and script execution. 4. Sanitization: Absent; the raw claims text is returned for agent processing.
Audit Metadata