linkfox-etsy-product-query

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The skill instructs downloading and installing a ZIP from an agent-hosted domain (https://agent-files.linkfox.com/...), a direct archive distribution channel outside official package managers which is commonly used to deliver unverified executables and thus represents a high-risk download source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill instructs at runtime to download and install an external skill from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip which would fetch remote code that can change agent behavior (installing a skill), so this URL is a runtime external dependency that can control prompts/instructions.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:08 AM
Issues
2