sonarr
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill performs series lookups via the Sonarr API (scripts/sonarr.sh calls GET /api/v3/series/lookup) and SKILL.md/README explicitly require presenting TVDB links and overviews (thetvdb.com), meaning it consumes untrusted/public third-party metadata (TheTVDB/indexers) as part of its workflow which can influence which shows are added.
Audit Metadata