linkfox-temu-ads-global
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill example and scripts instruct passing an accessToken inline in a command-line JSON argument and include scripts to save/read tokens, which requires handling and potentially emitting secret values verbatim (an exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Temu gateway responses are treated as JSON and then serialized/printed (and partially summarized) via
scripts/_temu_common.py:call_temu_api()→parse_nested_body()→emit_result(); theresultoriginates from an external party (Temu/LinkFox gateway) and may contain free-text fields likeerrorMsg/reasonthat get injected into the LLM context through stdout.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata