Skills
skills/xquik-dev/x-twitter-scraper/run-giveaway/Snyk

run-giveaway

Warn

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly pulls entrants from a seed tweet on X (e.g., POST /draws with seed_tweet_url and entry_source: likes|retweets|replies|quotes) and ingests public tweet content and entrant profile data—untrusted, user-generated sources that directly determine winner selection—creating exposure to indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 09:38 AM
Issues
1