linkfox-zhihuiya-description-data-translated
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install an onboarding configuration from 'https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip'. This resource is hosted on the developer's own domain.
- [COMMAND_EXECUTION]: A Python script 'scripts/zhihuiya_description_translated.py' is used to perform data retrieval and processing. The script manages local file storage for query results and implements a 24-hour caching mechanism in the 'linkfox/.cache' directory.
- [DATA_EXFILTRATION]: The skill reads the 'LINKFOX_AGENT_API_KEY' from environment variables and sends it to the vendor's API endpoint at 'https://tool-gateway.linkfox.com'. This is the standard and intended authentication method for the service.
- [PROMPT_INJECTION]: The skill processes patent description text from an external database, which constitutes a potential surface for indirect prompt injection.
- Ingestion points: The 'description' field in the JSON response from 'tool-gateway.linkfox.com' is processed and printed by 'scripts/zhihuiya_description_translated.py'.
- Boundary markers: No specific boundary markers or 'ignore' instructions are applied to the patent text output.
- Capability inventory: The skill can execute local Python scripts, write files to the project directory, and access the network for API calls.
- Sanitization: The patent description text is not sanitized before being presented to the agent context.
Audit Metadata