uapi-get-network-whois

Warn

Audited by Snyk on Jul 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). 该 skill 的运行时会调用公开网络诊断接口 GET /network/whois,其返回字段 whois 可能包含“原始、未处理的WHOIS文本字符串”(外部域名注册信息文本),从而把非由操作用户撰写的自由文本内容进入 LLM 上下文。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 9, 2026, 06:42 AM
Issues
1
Security Audit — snyk — uapi-get-network-whois