live-commerce-script-compliance-review

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). 该技能的必填运行时输入通过 liveTalkText(粘贴直播话术的自由文本)或 liveTalkFile(上传脚本资料)进入 contextComposer,因此若这些内容来自非操作用户(如他人提供的脚本/话术),就会以自由文本形式被送入LLM上下文,构成外部提示注入暴露路径。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:33 AM
Issues
1
Security Audit — snyk — live-commerce-script-compliance-review