linkfox-temu-fulfillment-us

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill includes examples and usage that pass secrets (exporting API keys and embedding "accessToken" values) directly on the command line / in JSON CLI arguments, which requires the LLM or user to place secret values verbatim and is a high-risk secret-exfiltration pattern.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The list includes a direct archive download (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip…) that the skill explicitly tells the agent to download and install — direct zipped software distributed outside official package managers or verified release pages is a higher-risk delivery vector for malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.72). 该 skill 的运行时会调用 Temu/LinkFox 网关接口并把“完整响应”写入本地 JSON、且在响应体 ≤8KB 时将完整 JSON 直接打印到 stdout(供上层 LLM 读取),其中包含来自外部系统(Temu/合作仓/承运商等)的自由文本字段(如 errorMsg/warningMessage/failReasonText/estimatedText 等),属于“外部 API 返回内容”进入 LLM 上下文的间接提示注入路径。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The SKILL explicitly instructs the agent at runtime to download and install remote code from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip (SKILL.md:46), which would fetch a ZIP containing a skill that may execute code or control prompts and is relied on as a fallback for onboarding/auth flows.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:10 AM
Issues
4