linkfox-ehunt-temu-product-query
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). 该 skill 的运行时工作流会通过网关工具
POST ehunt/temu/productQuery获取上游返回的 JSON(包含products[].productName/productNameCn/tags/customTags等字段),这些上游文本属于 Temu/第三方数据源的自由文本并会被写入并进入 agent 的 LLM 上下文(至少是 preview 的 sample/shape,且在后续read取字段时会进一步注入)。
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata