alibabacloud-sls-data-agent
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The runtime LLM context is fed by the user-provided
--question(free-form text) into theCreateChatrequest body asmessages[].contents[].valueviabuild_message_value(question)→stream_chat()→/chatSSE, and this is outsider-authored input relative to the agent’s own system/bundled prompts.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill at runtime calls the SLS DataAgent OpenAPI (default host https://starops.cn-beijing.aliyuncs.com, overridable via SLS_DATA_AGENT_ENDPOINT) and consumes the SSE CreateChat stream whose returned messages directly determine the assistant's prompts/responses, making that external endpoint a required runtime dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata