linkfox-shopee-store-media

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). One URL in the list is a direct download of a skill archive (release.zip) hosted on agent-files.linkfox.com with explicit instructions to unzip and install it, which is a high-risk distribution pattern for executables/archives and could be used to deliver malware if the source or package is not verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). Runtime path: the skill calls Shopee via POST /shopee/developerProxy, then emit_result() prints a summary or full JSON of the outsider (Shopee) response to stdout, which the agent can ingest into its LLM context.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:09 AM
Issues
2