Parser
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The required runtime workflow ingests outsider-authored free text by fetching user-supplied URLs (public web pages, tweets/newsletters/PDF text) and then sending the extracted content/transcript into Gemini prompts for entity extraction/summarization, which becomes LLM context (e.g.,
Workflows/ExtractArticle.md→ Gemini Researcher with{content_text},Workflows/ExtractTwitter.md→ thread text,Workflows/ExtractPdf.md→ full PDF text,Workflows/ExtractNewsletter.md→ newsletter HTML text).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The BatchEntityExtractionGemini3 workflow clearly fetches arbitrary user-supplied webpages at runtime (e.g., the script uses curl -s "$url" to load pages such as https://example.com/article) and concatenates that raw content into an extraction prompt which is then sent to Gemini (via llm or the Google Generative Language API at https://generativelanguage.googleapis.com/...), so remote content can directly influence the model prompt (prompt-injection risk).
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata