linkfox-shopee-store-media
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). One URL in the list is a direct download of a skill archive (release.zip) hosted on agent-files.linkfox.com with explicit instructions to unzip and install it, which is a high-risk distribution pattern for executables/archives and could be used to deliver malware if the source or package is not verified.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Runtime path: the skill calls Shopee via
POST /shopee/developerProxy, thenemit_result()prints a summary or full JSON of the outsider (Shopee) response to stdout, which the agent can ingest into its LLM context.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata