linkfox-temu-returns-refunds-eu

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill shows and encourages embedding secrets verbatim in shell/CLI commands (exporting LINKFOXAGENT_API_KEY and passing "accessToken" inline in the JSON argument to python), which forces an LLM or user to place secrets directly into generated output/commands — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). At runtime the required workflow calls Temu/LinkFox gateway endpoints (POST /temu/proxy and parses response.body via JSON.parse(body)), then prints/summarizes that gateway-returned JSON (which can include outsider-authored free text like errorMsg, afterSalesReasonDesc, buyerComment, address fields) into the agent’s LLM context via stdout/inline output.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). 该 skill 明确面向「退货与退款(Returns & Refunds)」场景,描述已接入多条 Partner Return and Refund 接口并内置了对 Temu Partner API 的网关(POST https://tool-gateway.linkfox.com/temu/proxy 与文件下载等)。这些接口/脚本集合专门用于售后退货与退款相关操作(即直接涉及发起/管理退款的业务能力),因此属于明确面向执行财务/退款操作的工具链,具有直接财务执行的能力。

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 16, 2026, 08:11 AM
Issues
3