linkfox-etsy-product-query
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The skill instructs downloading and installing a ZIP from an agent-hosted domain (https://agent-files.linkfox.com/...), a direct archive distribution channel outside official package managers which is commonly used to deliver unverified executables and thus represents a high-risk download source.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs at runtime to download and install an external skill from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip which would fetch remote code that can change agent behavior (installing a skill), so this URL is a runtime external dependency that can control prompts/instructions.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata