linkfox-shopee-store-follow-prize
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Contains a direct download link to a ZIP (agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) hosted on a non-standard/personal file server with explicit instructions to download and install — a high-risk distribution vector for arbitrary/malicious code.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Runtime calls Shopee’s
POST /shopee/developerProxyand then serializes the returned JSON (outsider-authored API response body) into the agent-visible stdout context viaemit_result()(full JSON when--inlineor ≤8KB, otherwise a printed summary).
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata