linkfox-shopee-store-product
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). One URL points to a direct ZIP download (agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) hosted outside major vetted CDNs/vendors which is used to distribute an installable skill — direct archives from such hosts can be used to distribute malware and require extra caution and user authorization.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Outsider-authored free text can enter via the runtime HTTP responses from Shopee’s APIs (and/or the gateway) that are merged into
resultand then printed/summarized byemit_result, making it available to the agent’s LLM context (indirectly through stdout/summary), i.e.,call_api()→developer_proxy_call()→merge_shopee_body()→emit_result().
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata