Skills
skills/vm0-ai/vm0-skills/serpapi/Snyk

serpapi

Warn

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public web search results via SerpApi (e.g., SKILL.md curl examples like "https://serpapi.com/search?engine=google...") which returns untrusted, user-generated third-party content (webpages, news, forums, social media links) that the agent is expected to read and could materially influence subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 17, 2026, 03:42 PM
Issues
1