linkfox-ehunt-temu-store-query
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The helper script
scripts/response_io.pyutilizessubprocess.runto execute primary skill scripts. This architecture is designed to manage large API responses by capturing output and providing timeouts. The implementation uses the current Python interpreter and disables shell execution, which prevents shell-level command injection. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes data from external Temu store listings. Ingestion occurs through the
ehunt/temu/storeQueryendpoint. The skill lacks explicit boundary markers or sanitization for this third-party data, which is subsequently accessible to the agent's subprocess execution capabilities. - [EXTERNAL_DOWNLOADS]: The
scripts/response_io.pyscript references thejmespathlibrary for complex JSON processing. While not a standard library, the script includes a fallback mechanism if the package is not installed.
Audit Metadata