linkfox-temu-cancel-order-global

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with official vendor endpoints including tool-gateway.linkfox.com and skill-api.linkfox.com. These interactions are used to proxy requests to the Temu platform and provide feedback mechanisms.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive Temu access tokens by storing them in ~/.linkfox/temu-access-tokens.json. This is the documented and intended behavior for the skill's credential management system.
  • [COMMAND_EXECUTION]: The skill's functionality is exposed via Python CLI scripts. These scripts use the standard library (urllib.request) to perform network operations and interact with the local file system for logging and credential storage.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and displaying data retrieved from external Temu APIs.
  • Ingestion points: API responses are ingested and processed in _temu_common.py and _temu_global_common.py.
  • Boundary markers: None explicitly implemented; the skill outputs raw or summarized JSON to the console.
  • Capability inventory: The skill has capabilities to read/write files in the user's home directory and current working directory, and perform network requests to the LinkFox gateway.
  • Sanitization: The skill implements a summarization logic for responses exceeding 8KB to reduce the volume of raw data entering the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM