web-crawler

Warn

Audited by Snyk on May 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests untrusted, user-generated content from public social platforms via the ScrapeCreators API (e.g., /v1/twitter/user/tweets, /v1/reddit/post/comments, /v1/youtube/video, etc.) and from arbitrary web pages via the Firecrawl fallback, and its required workflow instructs the agent to read, parse, summarize, and act on that content (SKILL.md), which could allow indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 23, 2026, 12:22 PM
Issues
1
Security Audit — snyk — web-crawler