linkfox-temu-order-eu
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's examples and CLI usage explicitly require embedding API tokens (e.g., accessToken, LINKFOXAGENT_API_KEY) directly in command-line JSON arguments and show exporting/printing keys, which requires the LLM to handle/output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Runtime path: the skill calls Temu’s gateway (
scripts/_temu_common.py:96-121→scripts/_temu_eu_common.py:65-68→scripts/_temu_eu_common.py:89-91), parses the returned JSON (scripts/_temu_common.py:152-160), and then prints/summarizes it (scripts/_temu_common.py:309-333), so any free-text fields in the outsider-authored Temu response (e.g.,errorMsg,warning,fulfillmentWarning,customizedText) can enter the LLM context via the tool output.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata