Is Injection Possible through Dynamic LINQ?

-上瘾入骨i 2020-12-01 06:16

Using the Dynamic LINQ library (link), is it vulnerable to injection? And (if so), how can this be protected against?

Some background from Security Considerations (En

2 answers
  •  南笙 (OP)
    2020-12-01 06:30

    What I know from examining the System.Data.Linq namespace is that an SQL object tree is built from the LINQ query, and as part of this process the SqlParameterizer class is called to replace all inline values with parameters. The values are then assigned to the parameters. So SQL injection attacks should not be possible.
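
An added example, not code from the question, the answer or the Dynamic LINQ project: it contrasts a Dynamic LINQ predicate built by string concatenation with one that binds input through the library's `@0` placeholder, and adds an allow-list for member names, which cannot be bound. It assumes the System.Linq.Dynamic.Core NuGet package; the `Order` type, the sample data and the method names are constructed for illustration.

```csharp
// Added example; assumes the System.Linq.Dynamic.Core NuGet package.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Dynamic.Core;

public record Order(int Id, string Customer, decimal Total);

public static class DynamicLinqDemo
{
    // Constructed sample data standing in for a database table.
    static readonly IQueryable<Order> Orders = new List<Order>
    {
        new(1, "alice", 10m),
        new(2, "bob", 25m),
        new(3, "carol", 40m),
    }.AsQueryable();

    // Columns a caller may sort by; anything else is rejected.
    static readonly HashSet<string> SortableColumns =
        new(StringComparer.Ordinal) { "Id", "Customer", "Total" };

    // Weak: input becomes part of the predicate text, so the Dynamic LINQ
    // parser reads any quotes and operators in it as expression syntax.
    public static List<Order> FindConcatenated(string customer) =>
        Orders.Where("Customer == \"" + customer + "\"").ToList();

    // Hardened: the predicate text is fixed and input is bound to @0 as a value.
    public static List<Order> FindBound(string customer) =>
        Orders.Where("Customer == @0", customer).ToList();

    // Hardened: member names are checked against the allow-list before use.
    public static List<Order> SortBy(string column)
    {
        if (!SortableColumns.Contains(column))
            throw new ArgumentException("Unsupported sort column.", nameof(column));
        return Orders.OrderBy(column).ToList();
    }

    public static void Main()
    {
        // Constructed input containing a quote and an operator.
        string input = "alice\" or Customer != \"";
        Console.WriteLine($"concatenated: {FindConcatenated(input).Count} rows");
        Console.WriteLine($"bound:        {FindBound(input).Count} rows");
        Console.WriteLine($"first by Total: {SortBy("Total").First().Customer}");
    }
}
```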
