chatgpt-app-builder
Warn
Audited by Snyk on May 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow (e.g., fetch-and-render-data.md plus CSP and open-external-links guidance) instructs views/tools to fetch data from external APIs and open arbitrary external URLs (connectDomains/redirectDomains) and to return that structuredContent/content for the LLM to read and act on (e.g., booking/checkout), so untrusted third-party content can influence agent decisions.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata