linkfox-zhihuiya-utility-patent-image-search
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download an onboarding component from
https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip. This is a vendor-owned domain used for distributing skill-related resources.\n- [COMMAND_EXECUTION]: The skill uses Python scripts (scripts/upload_image.pyandscripts/zhihuiya_patent_image_search.py) to handle file uploads and API communication. These scripts perform routine operations, such as making HTTP requests and writing search results to a locallinkfoxdirectory.\n- [DATA_EXFILTRATION]: User-provided local images are uploaded to the vendor's gateway (tool-gateway.linkfox.com) to generate a public URL for the search process. This is a core part of the skill's functional design for image-based searching.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external API data.\n - Ingestion points: The agent parses JSON data from the Zhihuiya API response in
scripts/zhihuiya_patent_image_search.py.\n - Boundary markers: The skill does not use explicit boundary markers or instructions to ignore embedded content within the search results.\n
- Capability inventory: The agent can execute local Python scripts and perform filesystem writes.\n
- Sanitization: API data is processed using standard JSON parsing without additional sanitization of text fields like titles or abstracts.
Audit Metadata