linkedin

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). These URLs host direct shell scripts on an unfamiliar domain and the skill explicitly tells users to run "curl ... | bash" and download/execute installers (install.sh / setup scripts), which is a common high-risk pattern for malware or credential-stealing software.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to navigate linkedin.com and "review recent posts from connections" (Usage Examples / Example 4 and Authentication Flow), which requires ingesting and acting on untrusted, user-generated LinkedIn content that could carry indirect instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit curl | bash install commands (https://canifi.com/skills/linkedin/install.sh and https://canifi.com/install.sh) that fetch and execute remote scripts as part of setup/install, and the skill relies on the resulting canifi components (canifi-env) to operate, so these URLs enable execution of remote code.