instagram

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches arbitrary external content via the "image_url" input (see Execution Step 1's "image_url": "https://example.com/image.jpg") and posts/uses user-provided captions to Instagram (a public third‑party platform), so it ingests untrusted third‑party content as part of its workflow.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The string skpi-ouiqydzmtpr5oeu9i6b6akfn appears directly in a run command and is high-entropy (random-looking, not a simple placeholder). It follows an "sk*" key-like pattern and is presented as a usable identifier in a CLI command, so it could be a real credential. Other values (we-xxx RUN_ID example, c-z... workflow path, example image URL, and JSON field names/placeholders) are either obvious placeholders, public IDs/paths, or low-entropy examples and were ignored.

Audit Metadata

Risk Level: HIGH

Analyzed: Feb 15, 2026, 08:02 PM