link-to-im
Fail
Audited by Snyk on Mar 30, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to collect secrets (API tokens, app secrets, chat IDs), confirm them (masked) but then write them verbatim into ~/.link-to-im/config.env and use them for token validation, which requires the LLM to handle full secret values and may embed them in commands—creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly forwards user messages and attachments from public IM platforms (Telegram, Discord, Feishu/Lark, QQ) into the host agent (see SKILL.md and README where "messages from IM are forwarded to the coding agent" and RELEASE_NOTES/references state attachments are saved and injected into prompts), so untrusted, user-generated third‑party content is read and can influence tool use and agent actions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata