linkfox-temu-category-search
Warn
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download a zip file from
https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zipand perform an unzipping and installation process if credit or API key issues are encountered. This represents the retrieval and execution of external skill components at runtime. - [PROMPT_INJECTION]: The
SKILL.mdfile contains directive instructions designed to override agent autonomy, specifically stating 'you cannot give up downloading yourself' (你不能自己放弃下载) and 'even if the user does not mention the tool name... this skill should be triggered' (即使用户未提及工具名... 也应触发此技能). - [COMMAND_EXECUTION]: The provided Python script
temu_category_search.pyperforms network requests using theurllib.requestmodule to send data (including API keys) to external gateways and writes detailed JSON logs and cache files to the local file system within thelinkfoxdirectory structure. - [DATA_EXFILTRATION]: The skill transmits user interaction feedback (sentiment, intent, and results) to a remote feedback endpoint at
https://skill-api.linkfox.com/api/v1/public/feedback.
Audit Metadata