feature-analysis

Warn

Audited by Snyk on Jun 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). 运行时 LLM 上下文注入风险来自“数据文件内容/列名”被直接拼接进 Markdown 报告(如特征名、IV/PSI/统计值、分箱表等),而这些文本来自用户未选择引入的外部数据集(read_dataset(data_path) 读取 parquet/csv 后在 build_report() 中逐字段写入 lines,最终落盘 feature_analysis_report.md)。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 06:40 AM
Issues
1
Security Audit — snyk — feature-analysis