linkfox-zhihuiya-patent-forward-citation
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install an auxiliary onboarding skill from a vendor-controlled URL (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) if local configuration is missing. This is a vendor-provided resource used for environment setup.\n- [COMMAND_EXECUTION]: Executes the local Python script
scripts/zhihuiya_cited_references.pyto process patent data and manage API interactions.\n- [DATA_EXFILTRATION]: Performs network requests to vendor APIs attool-gateway.linkfox.comandskill-api.linkfox.comto retrieve patent information and submit feedback. These endpoints are owned by the skill vendor.\n- [CREDENTIALS_UNSAFE]: The skill reads API credentials from theLINKFOX_AGENT_API_KEYandLINKFOXAGENT_API_KEYenvironment variables, which is a standard method for managing secrets in agent environments.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing data from an external patent database.\n - Ingestion points: User-provided patent identifiers and citation data retrieved from the Zhihuiya API processed by the Python script.\n
- Boundary markers: Data is structured in JSON and presented in tables, but there are no explicit delimiters or instructions to ignore embedded commands in the external data.\n
- Capability inventory: The skill can execute Python scripts, write data files to the project directory, and perform network requests.\n
- Sanitization: No evidence of sanitization or filtering of the content returned from the external patent database was found.
Audit Metadata