linkfox-temu-ads-global

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill example and scripts instruct passing an accessToken inline in a command-line JSON argument and include scripts to save/read tokens, which requires handling and potentially emitting secret values verbatim (an exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). Temu gateway responses are treated as JSON and then serialized/printed (and partially summarized) via scripts/_temu_common.py:call_temu_api()parse_nested_body()emit_result(); the result originates from an external party (Temu/LinkFox gateway) and may contain free-text fields like errorMsg/reason that get injected into the LLM context through stdout.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 16, 2026, 08:10 AM
Issues
2