supadata
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Yes — the skill explicitly fetches and returns transcripts and scraped page content from public social media and websites (e.g., YouTube/TikTok/Instagram/X/Facebook via /transcript and arbitrary pages via /web/scrape and /web/crawl), so the agent will ingest untrusted user-generated third‑party content that could contain indirect prompt injections.
Audit Metadata