linkup-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and instructs placing API keys in URLs/command args (e.g., ?apiKey=YOUR_API_KEY / --transport http ...?apiKey=...), which encourages embedding secrets verbatim in configs/CLI calls and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill instructs the agent to use Linkup's web search and /fetch tools (including deep scraping, searchResults output, and explicit LinkedIn post/comment extraction) to retrieve and return raw content from public websites and social media, i.e., untrusted user-generated third-party sources that the agent is expected to read and interpret.