Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Installation" step explicitly instructs reading a raw GitHub URL ("Read https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/enterprise/linkedin/linkedin-engineer/SKILL.md and apply linkedin skill"), which requires fetching content from a public, user-hosted repository (untrusted third-party content) that the agent would be expected to read and apply—allowing that external content to materially change agent behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).