skills/aaaaqwq/agi-super-team/openhr/Snyk

openhr

Warn

Audited by Snyk on Jun 24, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). 该技能在运行时会通过 scripts/chat_engine.py --monitor 监控并读取 Boss 直聘聊天消息（外部用户/候选人发来的自由文本），再把其内容喂入 LLM 生成回复，属于“外部方在聊天/消息渠道的自由文本”导致的间接提示注入风险。

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 24, 2026, 12:49 PM

Issues

1

Security Audit — snyk — openhr