Skills
skills/agw-sales-ops/skills/ali-weekly-report/Snyk

ali-weekly-report

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Step 0 uses duckdb COPY to fetch and localize data from the outsider-authored remote table sales_bills_db.sales_bills.v_bill_ali_detail (via ali-billing-query DuckDB connection), and the resulting CSV is then read as free-form text by func1_quarterly.py/func2_weekly.py/func3_monthly.py into the LLM-executed context (e.g., customer names and amounts rendered into images and printed).

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 05:42 AM
Issues
2
Security Audit — snyk — ali-weekly-report