linkfox-temu-add-product-us
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes numerous Python scripts in the
scripts/directory designed to be executed by the AI agent. These scripts serve as wrappers for Temu API calls and follow standard command-line interface patterns. - [EXTERNAL_DOWNLOADS]: The scripts communicate with the vendor's gateway at
https://tool-gateway.linkfox.comto fetch product information and upload image data. This is the primary intended functionality of the skill. - [DATA_EXFILTRATION]: User-provided Temu
accessTokenand LinkFoxLINKFOX_AGENT_API_KEYare transmitted to the vendor's gateway to authenticate API requests. This transmission is necessary for the tool's operation and targets the vendor's infrastructure. - [CREDENTIALS_SAFE]: The skill manages sensitive tokens by retrieving them from environment variables or a local JSON file located at
~/.linkfox/temu-access-tokens.json. It does not contain any hardcoded credentials. - [DATA_LOGGING]: The skill implements a logging mechanism in
_temu_common.pythat saves full API responses to a locallinkfox/directory. This allows for persistent storage of transaction data outside of the immediate agent context, with logic to summarize large outputs to maintain performance.
Audit Metadata