image-search
Fail
Audited by Snyk on Jun 6, 2026
Risk Level: HIGH
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The required runtime workflow uses
jina_search.pyto fetch search results from the public web and thenjina_batch_scrape.pyto scrape those outsider-provided URLs viahttps://r.jina.ai/<url>, ingesting the resulting scraped markdown (free text) into the agent’s LLM context for analysis/selection.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I inspected the skill files and found a hardcoded API key literal present in multiple scripts. Specifically, the variable JINA_API_KEY is set to a long, random-looking string (jina_a054a46449f240a8be11a021c10885b2gFKr_SHHQ_Q9gTitXU4B9CGk4Pt9) in:
- scripts/jina_batch_scrape.py
- scripts/jina_scrape.py
- scripts/jina_search.py
Why this is flagged:
- It is a literal value used directly in Authorization headers (req.add_header("Authorization", f"Bearer {JINA_API_KEY}")), meaning it grants programmatic access to Jina services.
- The string is high entropy / non-trivial (not a documentation placeholder like YOUR_API_KEY or a simple setup password), so it appears to be a real API key.
No other high-entropy secrets (private key PEM blocks, other API tokens) were found. There were many benign items to ignore (example commands, simple words, environment variable names), but the above API key is an actual hardcoded credential and should be treated as a secret leak.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata