linkfox-zhihuiya-patent-image-search
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits data, including the LINKFOXAGENT_API_KEY and image contents, to the vendor's gateway at tool-gateway.linkfox.com. This is standard functionality for the described patent search and image upload services.
- [COMMAND_EXECUTION]: The skill provides Python scripts (upload_image.py and zhihuiya_patent_image_search.py) for the agent to execute. These scripts facilitate interaction with the vendor's API and OSS storage to perform the requested patent analysis.
- [PROMPT_INJECTION]: The skill processes external data retrieved from the patent database (titles, abstracts, and descriptions). This represents a surface for indirect prompt injection, typical for search-based tools.
- Ingestion points: Patent records returned by the API in zhihuiya_patent_image_search.py.
- Boundary markers: Absent; results are displayed directly to the user/agent without explicit delimiters.
- Capability inventory: Subprocess execution of included scripts and network access via urllib.
- Sanitization: Not present in the script logic; the agent relies on its own safety filters when processing the search results.
Audit Metadata