aurora-dsql

Warn

Audited by Snyk on Jun 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via the user-provided SQL/query text that the runtime workflow (Workflow 8 “Query Plan Explainability”) instructs the agent to run verbatim in psql and then incorporate into the generated Markdown diagnostic report (including verbatim error/plan text), so the LLM ingests untrusted user-authored prose.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 12:56 PM
Issues
1
Security Audit — snyk — aurora-dsql