linkfox-temu-returns-refunds-global
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication credentials, including Temu access tokens and LinkFox API keys. It employs a local storage pattern, saving tokens to
~/.linkfox/temu-access-tokens.jsonto avoid hardcoding and facilitate reuse. - [EXTERNAL_DOWNLOADS]: Network operations are directed to the vendor's official domain
tool-gateway.linkfox.com. These calls are used to proxy requests to the Temu platform and download necessary signed documents. - [DATA_EXFILTRATION]: To maintain session history, the skill writes API responses to local files in the
linkfox/directory. While this involves data being written to disk, it is a documented feature for logging and session management. - [PROMPT_INJECTION]: The skill ingests data from external API endpoints. Ingestion points: API response bodies retrieved from
tool-gateway.linkfox.com. Boundary markers: No specific delimiters are added to the API data. Capability inventory: Local file system writes and network communication. Sanitization: Standard JSON parsing is used without secondary instruction-filtering.
Audit Metadata