linkfox-shopee-store-orders
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The URLs are mostly official Shopee docs and internal LinkFox endpoints, but one entry points to a direct ZIP download (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip… ) hosted outside standard package managers — direct archive downloads for installing software are a higher-risk distribution vector and could contain executables/malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). 该 skill 在运行时通过
call_api()调用外部网关/shopee/developerProxy获取响应体,并在emit_result()中将该响应(可能包含外部/第三方返回的自由文本字段)直接打印到 stdout(小响应)或摘要打印到 stdout(大响应),从而进入代理/LLM 的上下文;属于“外部 API 返回内容(非用户选择引入的文本)”类别。
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata