linkfox-shopee-store-first-mile
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). One URL is a direct ZIP download hosted on a third‑party file server (agent-files.linkfox.com) used to distribute a skill—direct archive downloads from non-mainstream hosting are high-risk for malware distribution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Runtime calls
POST /shopee/developerProxyand thenemit_result()serializes the outsider (Shopee API) JSON response and prints it to stdout (or summarizes it), which becomes LLM-readable context; this is indirect prompt injection via third-party response body.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata