linkfox-amazon-store-uploads

Fail

Audited by Snyk on May 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). 代码会将 Amazon accessToken、卖家标识及其它请求参数发送到外部网关(默认 https://tool-gateway.linkfox.com 或由环境变量配置的 API_BASE_URL),并把文件字节 PUT 到网关/网关返回的 URL,从而可能泄露凭证、PII 或上传用户文件到非受信任的远端——构成明确的数据外泄/凭证转发风险。

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 30, 2026, 12:04 AM
Issues
2