alibabacloud-sls-data-agent

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The runtime LLM context is fed by the user-provided --question (free-form text) into the CreateChat request body as messages[].contents[].value via build_message_value(question)stream_chat()/chat SSE, and this is outsider-authored input relative to the agent’s own system/bundled prompts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill at runtime calls the SLS DataAgent OpenAPI (default host https://starops.cn-beijing.aliyuncs.com, overridable via SLS_DATA_AGENT_ENDPOINT) and consumes the SSE CreateChat stream whose returned messages directly determine the assistant's prompts/responses, making that external endpoint a required runtime dependency.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 02:13 AM
Issues
2
Security Audit — snyk — alibabacloud-sls-data-agent