Skills
skills/artwist-polyakov/polyakov-claude-skills/yandex-search-api/Snyk

yandex-search-api

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's sync and async search scripts (scripts/web_search_sync.sh and scripts/web_search_async.sh) call the Yandex Cloud Search API (SEARCH_API_URL/v2/web/search and /searchAsync), decode and parse the returned rawData into cache/results/*.raw and *.json via scripts/common.sh (parse_search_xml), and then present titles, URLs and snippets from arbitrary public web pages—i.e., untrusted third‑party content is fetched and consumed as part of the agent workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 11:53 AM