supadata

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated third‑party content (e.g., social videos/posts and arbitrary webpages) via endpoints documented in SKILL.md and references (notably GET /transcript, GET /metadata, GET /web/scrape, POST /web/crawl, and POST /extract), and it expects the agent to read/interpret that content (transcripts, scraped Markdown, AI-extracted JSON) which can materially influence downstream decisions and tool use.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 10:03 PM
Issues
1
Security Audit — snyk — supadata