linkfox-youying-shopee-get-product-infos
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Contains a direct downloadable release.zip for installing a skill (an installable archive delivered outside standard package managers/repositories), which is a high-risk distribution vector and should be treated as suspicious until verified by the user and scanned.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Outsider-authored free text can enter the LLM context via the tool’s runtime API response fields (e.g.,
products[].title/description/shopName) returned from the external Shopee data endpoint and then printed to stdout (especially when--inlineor when response ≤ 8KB), which the agent may include in its LLM context.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata