linkfox-shopee-store-bundle-deal

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). There is a direct download link to a release.zip hosted on agent-files.linkfox.com (an external archive delivery URL) which is a high-risk delivery vector for executables/archives and is instructed to be downloaded/installed — this should be treated as suspicious and requires explicit user authorization before downloading.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Runtime path: the skill calls POST /shopee/developerProxy and then emit_result() serializes the returned JSON (outsider-authored response body from Shopee/tool-gateway) and prints it to stdout (full or summarized), which can be ingested into the agent’s LLM context.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:09 AM
Issues
2