live-commerce-script-compliance-review
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). 该技能的必填运行时输入通过
liveTalkText(粘贴直播话术的自由文本)或liveTalkFile(上传脚本资料)进入contextComposer,因此若这些内容来自非操作用户(如他人提供的脚本/话术),就会以自由文本形式被送入LLM上下文,构成外部提示注入暴露路径。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata