linkfox-amazon-reviews-list

Fail

Audited by Snyk on Jul 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Contains a direct download link to a release ZIP (agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) that the skill instructs to download and install — distributing executable content via a custom file-hosting subdomain is a common malware vector and should be treated as suspicious unless verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider-authored free text (Amazon customer review title/text fields) is fetched at runtime via the /amazon/reviews/list API and then serialized/printed to stdout (full JSON when ≤8KB or with --inline), which can be ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 15, 2026, 02:28 PM
Issues
3