linkfox-zhihuiya-simple-bibliography
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves patent metadata from the vendor's API at tool-gateway.linkfox.com. This is the intended functionality of the skill.
- [COMMAND_EXECUTION]: Utilizes a Python script (scripts/zhihuiya_simple_bibliography.py) to perform API calls. The script uses standard libraries and implements safe parameter handling by parsing inputs as JSON.
- [DATA_EXFILTRATION]: Sends patent identifiers to the vendor's infrastructure to fulfill user requests. API authentication is managed through environment variables, which is a standard security practice.
- [PROMPT_INJECTION]: The skill retrieves and displays external data such as patent titles and abstracts, which constitutes a surface for indirect prompt injection.
  - Ingestion points: Patent data returned by the API as described in references/api.md.
  - Boundary markers: None are defined in the display rules within SKILL.md.
  - Capability inventory: Network POST requests performed by the Python script in scripts/zhihuiya_simple_bibliography.py.
  - Sanitization: There is no evidence of sanitization or filtering applied to the bibliographic content before it is presented to the user.