linkfox-temu-returns-refunds-global

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication credentials, including Temu access tokens and LinkFox API keys. It employs a local storage pattern, saving tokens to ~/.linkfox/temu-access-tokens.json to avoid hardcoding and facilitate reuse.
  • [EXTERNAL_DOWNLOADS]: Network operations are directed to the vendor's official domain tool-gateway.linkfox.com. These calls are used to proxy requests to the Temu platform and download necessary signed documents.
  • [DATA_EXFILTRATION]: To maintain session history, the skill writes API responses to local files in the linkfox/ directory. While this involves data being written to disk, it is a documented feature for logging and session management.
  • [PROMPT_INJECTION]: The skill ingests data from external API endpoints. Ingestion points: API response bodies retrieved from tool-gateway.linkfox.com. Boundary markers: No specific delimiters are added to the API data. Capability inventory: Local file system writes and network communication. Sanitization: Standard JSON parsing is used without secondary instruction-filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:09 AM