linkfox-shopee-store-bundle-deal
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). There is a direct download link to a release.zip hosted on agent-files.linkfox.com (an external archive delivery URL) which is a high-risk delivery vector for executables/archives and is instructed to be downloaded/installed — this should be treated as suspicious and requires explicit user authorization before downloading.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Runtime path: the skill calls
POST /shopee/developerProxyand thenemit_result()serializes the returned JSON (outsider-authored response body from Shopee/tool-gateway) and prints it to stdout (full or summarized), which can be ingested into the agent’s LLM context.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata