linkfox-temu-manage-product-eu
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous Python scripts in the scripts/ directory designed to perform specific product management tasks (e.g., listing, updating, deleting). These scripts are intended to be executed by the agent to interact with external APIs.
- [DATA_EXPOSURE]: The script _temu_token_store.py manages sensitive store credentials by saving accessToken values to ~/.linkfox/temu-access-tokens.json. This local storage is a standard pattern for CLI management tools to persist session data across calls.
- [DATA_EXFILTRATION]: The skill transmits store authentication tokens and business parameters to https://tool-gateway.linkfox.com. This destination is the vendor's official gateway for proxying Temu API requests and aligns with the tool's primary purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves and processes untrusted product data (e.g., product titles and descriptions) from Temu, which could potentially contain malicious instructions.
- Ingestion points: API response bodies parsed in _temu_common.py (e.g., goodsName, goodsDesc).
- Boundary markers: None; data is printed to stdout and saved to JSON files.
- Capability inventory: The skill allows file system writes and network operations via provided scripts.
- Sanitization: No explicit sanitization of text content in API responses is performed before output.
Audit Metadata