kaiyu-qichacha-fetcher
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 运行时 LLM 上下文会包含企查查 API 返回的
Result/Message等字段(通过duediligence.render_markdown()把 JSON 数据嵌入 markdown 并返回给用户/LLM),而这些文本来自外部第三方数据源(企查查 OpenAPI),属于“外部系统返回的自由文本/记录内容”。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata