Skills
skills/wangnov/grok-search-skill/grok-search/Snyk

grok-search

Warn

Audited by Snyk on Apr 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime (scripts/grok-search.mjs — specifically buildTools/runSearch which POSTs to https://api.x.ai/v1/responses with web_search and x_search enabled) ingests public web and X content (providerJson.output/output_text and citations) that the agent reads and uses to produce answers and tool decisions, exposing it to untrusted third‑party content.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 11, 2026, 11:21 AM
Issues
1