linkfox-zhihuiya-utility-patent-image-search

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an onboarding component from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip. This is a vendor-owned domain used for distributing skill-related resources.\n- [COMMAND_EXECUTION]: The skill uses Python scripts (scripts/upload_image.py and scripts/zhihuiya_patent_image_search.py) to handle file uploads and API communication. These scripts perform routine operations, such as making HTTP requests and writing search results to a local linkfox directory.\n- [DATA_EXFILTRATION]: User-provided local images are uploaded to the vendor's gateway (tool-gateway.linkfox.com) to generate a public URL for the search process. This is a core part of the skill's functional design for image-based searching.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external API data.\n
  • Ingestion points: The agent parses JSON data from the Zhihuiya API response in scripts/zhihuiya_patent_image_search.py.\n
  • Boundary markers: The skill does not use explicit boundary markers or instructions to ignore embedded content within the search results.\n
  • Capability inventory: The agent can execute local Python scripts and perform filesystem writes.\n
  • Sanitization: API data is processed using standard JSON parsing without additional sanitization of text fields like titles or abstracts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:09 AM