feature-analysis
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). 运行时 LLM 上下文注入风险来自“数据文件内容/列名”被直接拼接进 Markdown 报告(如特征名、IV/PSI/统计值、分箱表等),而这些文本来自用户未选择引入的外部数据集(
read_dataset(data_path)读取 parquet/csv 后在build_report()中逐字段写入lines,最终落盘feature_analysis_report.md)。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata