By sending a message containing a specially crafted link using the `SNAPCHAT_NO_PROMPT` type, a CSRF attack can be performed, causing the victim to unlock a Lens for their snapchat account without the prompt appearing.