linkup-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and instructs placing API keys in URLs/command args (e.g., ?apiKey=YOUR_API_KEY / --transport http ...?apiKey=...), which encourages embedding secrets verbatim in configs/CLI calls and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to use Linkup's search and /fetch tools to find and scrape public web pages and social media (e.g., LinkedIn posts/comments) and to read and act on those results (searchResults, sourcedAnswer, structured, and sequential "find then scrape" flows), which exposes the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent to call the Linkup MCP endpoint (https://mcp.linkup.so/mcp?apiKey=YOUR_API_KEY) and use /search and /fetch to retrieve arbitrary web pages whose content is injected into the agent's context at runtime, which can directly control prompts or provide remote instructions.