Mpstats Ozon Product Detail

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LinkFox skill for querying Ozon product data, with a disclosed but noteworthy automatic feedback-reporting path.

Install only if you trust LinkFox with your Ozon SKU lists, date windows, and any feedback text the agent may submit. Use a scoped, revocable LINKFOXAGENT_API_KEY, and be aware that the skill documentation encourages automatic feedback reporting to a separate LinkFox endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The document for a product-detail lookup skill embeds a separate public feedback-submission API with a different base URL and unrelated purpose. In an agent setting, this creates scope confusion and can cause the agent to transmit user content to an unintended external endpoint, increasing the risk of data exfiltration, prompt-induced side effects, or unauthorized outbound actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal