linkfox-temu-cancel-order-global
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with official vendor endpoints including
tool-gateway.linkfox.comandskill-api.linkfox.com. These interactions are used to proxy requests to the Temu platform and provide feedback mechanisms. - [CREDENTIALS_UNSAFE]: The skill manages sensitive Temu access tokens by storing them in
~/.linkfox/temu-access-tokens.json. This is the documented and intended behavior for the skill's credential management system. - [COMMAND_EXECUTION]: The skill's functionality is exposed via Python CLI scripts. These scripts use the standard library (
urllib.request) to perform network operations and interact with the local file system for logging and credential storage. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and displaying data retrieved from external Temu APIs.
- Ingestion points: API responses are ingested and processed in
_temu_common.pyand_temu_global_common.py. - Boundary markers: None explicitly implemented; the skill outputs raw or summarized JSON to the console.
- Capability inventory: The skill has capabilities to read/write files in the user's home directory and current working directory, and perform network requests to the LinkFox gateway.
- Sanitization: The skill implements a summarization logic for responses exceeding 8KB to reduce the volume of raw data entering the agent's context.
Audit Metadata