linkfox-zhihuiya-description-data-translated

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install an onboarding configuration from 'https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip'. This resource is hosted on the developer's own domain.
  • [COMMAND_EXECUTION]: A Python script 'scripts/zhihuiya_description_translated.py' is used to perform data retrieval and processing. The script manages local file storage for query results and implements a 24-hour caching mechanism in the 'linkfox/.cache' directory.
  • [DATA_EXFILTRATION]: The skill reads the 'LINKFOX_AGENT_API_KEY' from environment variables and sends it to the vendor's API endpoint at 'https://tool-gateway.linkfox.com'. This is the standard and intended authentication method for the service.
  • [PROMPT_INJECTION]: The skill processes patent description text from an external database, which constitutes a potential surface for indirect prompt injection.
  • Ingestion points: The 'description' field in the JSON response from 'tool-gateway.linkfox.com' is processed and printed by 'scripts/zhihuiya_description_translated.py'.
  • Boundary markers: No specific boundary markers or 'ignore' instructions are applied to the patent text output.
  • Capability inventory: The skill can execute local Python scripts, write files to the project directory, and access the network for API calls.
  • Sanitization: The patent description text is not sanitized before being presented to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM