reel-discovery
Fail
Audited by Snyk on Jul 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly shows and documents passing API keys/tokens on the command line and via CLI flags (e.g., --yt-api-key, APIFY_TOKEN=..., setup_key.py --yt-api-key) which would require the model to include secret values verbatim in generated commands or examples.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Yes—this skill fetches outsider-authored free text (e.g., YouTube/TikTok/Instagram captions/titles/descriptions and Apify/tikwm/IG web JSON fields) at runtime via HTTP in the searchers, which is then rendered into
results.md/results.jsonand can be passed downstream to other LLM-using skills (e.g.,video-scene-analysis/reel-restyle).
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata