linkfox-temu-fulfillment-us
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill includes examples and usage that pass secrets (exporting API keys and embedding "accessToken" values) directly on the command line / in JSON CLI arguments, which requires the LLM or user to place secret values verbatim and is a high-risk secret-exfiltration pattern.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The list includes a direct archive download (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip…) that the skill explicitly tells the agent to download and install — direct zipped software distributed outside official package managers or verified release pages is a higher-risk delivery vector for malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.72). 该 skill 的运行时会调用 Temu/LinkFox 网关接口并把“完整响应”写入本地 JSON、且在响应体 ≤8KB 时将完整 JSON 直接打印到 stdout(供上层 LLM 读取),其中包含来自外部系统(Temu/合作仓/承运商等)的自由文本字段(如 errorMsg/warningMessage/failReasonText/estimatedText 等),属于“外部 API 返回内容”进入 LLM 上下文的间接提示注入路径。
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The SKILL explicitly instructs the agent at runtime to download and install remote code from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip (SKILL.md:46), which would fetch a ZIP containing a skill that may execute code or control prompts and is relied on as a fallback for onboarding/auth flows.
Issues (4)
W007
HIGHInsecure credential handling detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata