linkfox-temu-price-us
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits business data and Temu access tokens to the vendor's API gateway at
tool-gateway.linkfox.com. This is the primary intended function of the skill to facilitate proxying requests to Temu's platform. - [CREDENTIALS_UNSAFE]: The skill provides mechanisms to store and retrieve Temu access tokens in a local configuration file at
~/.linkfox/temu-access-tokens.json. While this stores credentials on the local filesystem, it is the standard and documented method for managing authentication within this vendor's ecosystem of tools. - [EXTERNAL_DOWNLOADS]: Skill instructions may prompt the agent to download an auxiliary onboarding skill from the vendor's domain (
agent-files.linkfox.com) if it is not already present. As this originates from a trusted vendor source, it does not pose a security risk in this context. - [PROMPT_INJECTION]: The skill processes and displays data returned from external Temu APIs. While this constitutes a potential surface for indirect prompt injection, the skill's architecture includes output summarization for large payloads, which helps mitigate the risk of context poisoning from untrusted external data.
Audit Metadata