linkfox-temu-returns-refunds-eu

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Python scripts within the skill (e.g., _temu_common.py, temu_proxy.py) utilize the urllib.request module to perform POST requests to the vendor's infrastructure at https://tool-gateway.linkfox.com/temu/proxy and https://tool-gateway.linkfox.com/temu/fileDownload.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its processing of external API data.
  • Ingestion points: Untrusted data enters the agent context via API responses fetched by scripts like temu_eu_proxy.py and specialized endpoint scripts (e.g., eu_returns_refunds_aftersales_aftersales_list_get.py).
  • Boundary markers: API outputs containing potentially user-controlled text, such as afterSalesReasonDesc and buyerComment, are displayed and saved without boundary delimiters or instructions to the agent to ignore embedded commands.
  • Capability inventory: The skill has the capability to perform outbound network requests and write data to the local filesystem (as seen in _temu_common.py and _temu_token_store.py).
  • Sanitization: There is no evidence of sanitization or filtering of the content received from the Temu API before it is summarized or printed to stdout.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM