linkfox-temu-returns-refunds-eu
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill shows and encourages embedding secrets verbatim in shell/CLI commands (exporting LINKFOXAGENT_API_KEY and passing "accessToken" inline in the JSON argument to python), which forces an LLM or user to place secrets directly into generated output/commands — an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). At runtime the required workflow calls Temu/LinkFox gateway endpoints (
POST /temu/proxyand parsesresponse.bodyviaJSON.parse(body)), then prints/summarizes that gateway-returned JSON (which can include outsider-authored free text likeerrorMsg,afterSalesReasonDesc,buyerComment, address fields) into the agent’s LLM context via stdout/inline output.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). 该 skill 明确面向「退货与退款(Returns & Refunds)」场景,描述已接入多条 Partner Return and Refund 接口并内置了对 Temu Partner API 的网关(POST https://tool-gateway.linkfox.com/temu/proxy 与文件下载等)。这些接口/脚本集合专门用于售后退货与退款相关操作(即直接涉及发起/管理退款的业务能力),因此属于明确面向执行财务/退款操作的工具链,具有直接财务执行的能力。
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata