uapi-get-webparse-metadata

Warn

Audited by Snyk on Jul 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). 该 skill 的运行时工作流会把用户提供的 url(外部用户输入,可能指向任意网页)作为请求参数传给 GET /webparse/metadata,而该接口会抓取/解析该网页并将其元数据结果(由外部网页内容衍生的文本)返回到 LLM 上下文,存在“外部网页内容/注入文本”间接进入上下文的风险。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 9, 2026, 06:42 AM
Issues
1
Security Audit — snyk — uapi-get-webparse-metadata