linkfox-shopee-store-first-mile

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). One URL is a direct ZIP download hosted on a third‑party file server (agent-files.linkfox.com) used to distribute a skill—direct archive downloads from non-mainstream hosting are high-risk for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Runtime calls POST /shopee/developerProxy and then emit_result() serializes the outsider (Shopee API) JSON response and prints it to stdout (or summarizes it), which becomes LLM-readable context; this is indirect prompt injection via third-party response body.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:09 AM
Issues
2