linkedin

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links point to an untrusted third‑party domain serving direct .sh installers (including an explicit curl | bash install) and setup scripts—classic high‑risk indicators because such scripts can execute arbitrary code or exfiltrate credentials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to navigate linkedin.com and "review recent posts from connections" (Usage Examples / Example 4 and Authentication Flow), which requires ingesting and acting on untrusted, user-generated LinkedIn content that could carry indirect instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit curl | bash install commands (https://canifi.com/skills/linkedin/install.sh and https://canifi.com/install.sh) that fetch and execute remote scripts as part of setup/install, and the skill relies on the resulting canifi components (canifi-env) to operate, so these URLs enable execution of remote code.