linkfox-echotik-product-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the external EchoTik API at https://tool-gateway.linkfox.com/echotik/listProduct (see references/api.md and SKILL.md) and ingests product data fields like productName/title/imageUrl from public TikTok Shop listings, which the agent is instructed to read, display, and use to drive searches/decisions—exposing it to untrusted, user-generated third-party content that could carry indirect prompt-injection payloads.