alibabacloud-security-health-check

Warn

Audited by Snyk on Jul 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests customer-returned *-collected.json files (e.g., waf-collected.json, sas-collected.json, etc.) from the customer ops team into scorer.py (json.loads(json_file.read_text())), and those JSON fields are then rendered into scores.json and used as readable text in the LLM context via the report-generation steps (HTML/Markdown templates), creating an indirect prompt-injection path from outsider-authored customer content.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 01:57 AM
Issues
1
Security Audit — snyk — alibabacloud-security-health-check