construction-takeoff
Warn
Audited by Snyk on Jun 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text is ingested via the “Competitor Analysis (via Firecrawl)” stage: the workflow scrapes competitor webpages (public web content) at runtime and feeds the extracted page text into the agent’s LLM context for “Extracts competitor features and automation capabilities.”
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata