linkfox-shopee-store-shop-category

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The SKILL.md instructs downloading and extracting a release.zip from agent-files.linkfox.com to install a skill (a direct archived installer distributed outside an official package manager), which is a common vector for distributing malicious code and requires user consent and verification before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Runtime path: the skill calls Shopee via POST /shopee/developerProxy, then emit_result() serializes the full proxy response (outsider-authored API response body) and prints it to stdout (either full JSON when ≤8KB or a summary when >8KB), which becomes LLM-readable context.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:09 AM
Issues
2