cx-coding-agents
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text can enter the LLM context via Claude Code session text: the required runtime path
cx logsoversource ai_sessions_claudeselects and returns conversation message bodies (e.g.,claude_code.user_prompt/claude_code.api_response_body) which are user/assistant free-form text not authored by the operating user.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata