linkfox-shopee-store-add-on-deal
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). One URL is a direct ZIP download hosted on agent-files.linkfox.com with explicit instructions to download and install the skill (and to prompt the user for authorization), which matches high-risk patterns for distributing executables from a non-standard/personal file host.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). 该技能在运行时通过
call_api()调用外部DEVELOPER_PROXY_ENDPOINT(/shopee/developerProxy)并将其返回的 JSON 解析后在emit_result()中打印到 stdout/摘要,从而把“外部接口返回的自由文本/字段内容”(可包含注入性字符串)喂入 LLM 上下文。
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata