deploying-custom-domain-rest-api
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime path is the API Gateway REQUEST authorizer Lambda (
scripts/authorizer.mjs), which ingests only the caller-supplied HTTP request fields (headers/query/stage variables) from the client; this is outsider-authored free text because it comes from an external user request not chosen by the operating user.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata