linkly-ai
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The workflow can ingest outsider-authored free text when the agent uses
read/outline/grepon documents from a linked cloud library (e.g.,library="cloud://<owner>/<slug>"), because the MCP tool returns the document’s extracted content/outline into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README contains installation commands that fetch-and-execute remote scripts (curl -sSL https://updater.linkly.ai/cli/install.sh | sh and irm https://updater.linkly.ai/cli/install.ps1 | iex), which are external URLs that would download and execute code if run during setup/runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata