linkfox-ehunt-temu-product-query

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). 该 skill 的运行时工作流会通过网关工具 POST ehunt/temu/productQuery 获取上游返回的 JSON(包含 products[].productName/productNameCn/tags/customTags 等字段),这些上游文本属于 Temu/第三方数据源的自由文本并会被写入并进入 agent 的 LLM 上下文(至少是 preview 的 sample/shape,且在后续 read 取字段时会进一步注入)。

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 02:08 AM
Issues
2