youtube-short-maker

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly requires relaying full asset URLs including all query parameters (and instructs creating a config with PEXO_API_KEY), so the agent will be asked to emit secret-like values (API keys or signed tokens) verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill polls pexo-project-get.sh, which fetches /api/biz/projects/${pid}/history and then relays recentMessages (including USER text) into the agent’s LLM context; that USER text is outsider-authored free-form content from the operating user’s prior messages, i.e., untrusted user input that can contain indirect prompt-injection payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime API calls to the Pexo service (PEXO_BASE_URL "https://pexo.ai" and its /api/* endpoints) and uses the server's responses (recentMessages, nextAction, preview/final asset data) to determine and drive agent behavior, so remote content from https://pexo.ai directly controls prompts/instructions and is a required runtime dependency.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:14 AM
Issues
3
Security Audit — snyk — youtube-short-maker