skills/inference-sh/skills/happyhorse/Snyk

happyhorse

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The SKILL.md examples and parameter docs explicitly show passing arbitrary external URLs for "first_frame", "reference_images", and "video" (e.g., I2V/R2V/Video Edit examples), which the CLI/app will fetch and consume as untrusted third-party content influencing generation/editing behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 18, 2026, 12:45 AM

Issues

1

Security Audit — snyk — happyhorse