image-search

Fail

Audited by Snyk on Jun 6, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The required runtime workflow uses jina_search.py to fetch search results from the public web and then jina_batch_scrape.py to scrape those outsider-provided URLs via https://r.jina.ai/<url>, ingesting the resulting scraped markdown (free text) into the agent’s LLM context for analysis/selection.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I inspected the skill files and found a hardcoded API key literal present in multiple scripts. Specifically, the variable JINA_API_KEY is set to a long, random-looking string (jina_a054a46449f240a8be11a021c10885b2gFKr_SHHQ_Q9gTitXU4B9CGk4Pt9) in:
  • scripts/jina_batch_scrape.py
  • scripts/jina_scrape.py
  • scripts/jina_search.py

Why this is flagged:

  • It is a literal value used directly in Authorization headers (req.add_header("Authorization", f"Bearer {JINA_API_KEY}")), meaning it grants programmatic access to Jina services.
  • The string is high entropy / non-trivial (not a documentation placeholder like YOUR_API_KEY or a simple setup password), so it appears to be a real API key.

No other high-entropy secrets (private key PEM blocks, other API tokens) were found. There were many benign items to ignore (example commands, simple words, environment variable names), but the above API key is an actual hardcoded credential and should be treated as a secret leak.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 6, 2026, 05:02 AM
Issues
2
Security Audit — snyk — image-search