analyzing-competitor-instagram-content-strategy
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs scraping competitor Instagram profiles using Apify's "apidojo~instagram-scraper" (see "Step 1: Scrape Competitor Profile" and the apify run-actor input with "usernames" / startUrls), which ingests untrusted, user-generated third-party content that the agent reads and uses to drive analysis and recommendations.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill invokes a remote Apify actor at runtime via the URL https://api.apify.com/v2/acts/apidojo~instagram-scraper/runs?token=$APIFY_TOKEN. The actor executes remote scraper code and is a required dependency for the skill.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).