alibabacloud-security-health-check
Warn
Audited by Snyk on Jul 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests customer-returned
*-collected.jsonfiles (e.g.,waf-collected.json,sas-collected.json, etc.) from the customer ops team intoscorer.py(json.loads(json_file.read_text())), and those JSON fields are then rendered intoscores.jsonand used as readable text in the LLM context via the report-generation steps (HTML/Markdown templates), creating an indirect prompt-injection path from outsider-authored customer content.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata