linkfox-amazon-store-uploads
Fail
Audited by Snyk on May 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). 代码会将 Amazon accessToken、卖家标识及其它请求参数发送到外部网关(默认 https://tool-gateway.linkfox.com 或由环境变量配置的 API_BASE_URL),并把文件字节 PUT 到网关/网关返回的 URL,从而可能泄露凭证、PII 或上传用户文件到非受信任的远端——构成明确的数据外泄/凭证转发风险。
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata