supplier-delivery-risk-summary

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). 该技能的运行时上下文由用户提供的自由文本字段 supplierDeliveryText(以及可能的 supplierPortalLink/上传文件转成文本)进入 LLM;其中 supplierDeliveryText 属于“操作用户选择粘贴的外部材料/供应商沟通记录”,属于外部作者的自由文本,存在间接提示注入风险。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:33 AM
Issues
1
Security Audit — snyk — supplier-delivery-risk-summary