Skills
skills/rabbit-ivan/ivan-skills/kie-ai-generation/Snyk

kie-ai-generation

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow calls and parses responses from the third‑party Kie.ai API (e.g., GET https://api.kie.ai/api/v1/jobs/recordInfo which returns data.param and data.resultJson), and those untrusted/user-provided fields are explicitly parsed and used (resultUrls/state) to drive delivery/next actions, so external content can influence tool use.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 8, 2026, 11:01 AM