linkfox-temu-returns-refunds-eu
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Python scripts within the skill (e.g.,
_temu_common.py,temu_proxy.py) utilize theurllib.requestmodule to perform POST requests to the vendor's infrastructure athttps://tool-gateway.linkfox.com/temu/proxyandhttps://tool-gateway.linkfox.com/temu/fileDownload. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its processing of external API data.
- Ingestion points: Untrusted data enters the agent context via API responses fetched by scripts like
temu_eu_proxy.pyand specialized endpoint scripts (e.g.,eu_returns_refunds_aftersales_aftersales_list_get.py). - Boundary markers: API outputs containing potentially user-controlled text, such as
afterSalesReasonDescandbuyerComment, are displayed and saved without boundary delimiters or instructions to the agent to ignore embedded commands. - Capability inventory: The skill has the capability to perform outbound network requests and write data to the local filesystem (as seen in
_temu_common.pyand_temu_token_store.py). - Sanitization: There is no evidence of sanitization or filtering of the content received from the Temu API before it is summarized or printed to stdout.
Audit Metadata