reel-discovery

Fail

Audited by Snyk on Jul 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly shows and documents passing API keys/tokens on the command line and via CLI flags (e.g., --yt-api-key, APIFY_TOKEN=..., setup_key.py --yt-api-key) which would require the model to include secret values verbatim in generated commands or examples.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Yes—this skill fetches outsider-authored free text (e.g., YouTube/TikTok/Instagram captions/titles/descriptions and Apify/tikwm/IG web JSON fields) at runtime via HTTP in the searchers, which is then rendered into results.md/results.json and can be passed downstream to other LLM-using skills (e.g., video-scene-analysis / reel-restyle).

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 10, 2026, 01:41 AM
Issues
2