serpapi
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's scripts/serp.py fetches live search results from the open web via SERPAPI (requests to https://serpapi.com/search.json) and the code parses and formats organic_results, shopping_results, local_results and review/snippet fields (e.g., snippets, Yelp reviews), so the agent directly ingests untrusted, user-generated third‑party content as part of its workflow.
Audit Metadata