submit-credit-application

Warn

Audited by Snyk on Jun 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). 运行时在步骤2“材料盘点”与步骤3“完备性评估”中会读取并把客户笔记/影像档案材料的正文内容(来自 system_api 的客户笔记与客户材料)拼入LLM上下文;这些内容通常由非操作用户(如客户经理/他人录入或客户提供的材料)产生,属于“外部主体的自由文本/文档正文”间接提示注入风险。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 06:40 AM
Issues
1
Security Audit — snyk — submit-credit-application