linkedin

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). These URLs point to shell scripts on an unknown/nonstandard domain and the skill explicitly instructs using "curl ... | bash" and storing credentials locally—classic high‑risk indicators for remote code execution and credential exfiltration from an untrusted source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill automates a browser on linkedin.com and explicitly instructs the agent to navigate the feed, review recent posts from connections, paste and share article URLs, and add comments (see "Usage Examples" Example 2 and Example 4 and the Authentication Flow), which requires ingesting and acting on untrusted, user-generated third‑party content that could contain indirect prompt injections.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 11, 2026, 06:03 AM