Parser

Warn

Audited by Snyk on Jun 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The required runtime workflow ingests outsider-authored free text by fetching user-supplied URLs (public web pages, tweets/newsletters/PDF text) and then sending the extracted content/transcript into Gemini prompts for entity extraction/summarization, which becomes LLM context (e.g., Workflows/ExtractArticle.md → Gemini Researcher with {content_text}, Workflows/ExtractTwitter.md → thread text, Workflows/ExtractPdf.md → full PDF text, Workflows/ExtractNewsletter.md → newsletter HTML text).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The BatchEntityExtractionGemini3 workflow clearly fetches arbitrary user-supplied webpages at runtime (e.g., the script uses curl -s "$url" to load pages such as https://example.com/article) and concatenates that raw content into an extraction prompt which is then sent to Gemini (via llm or the Google Generative Language API at https://generativelanguage.googleapis.com/...), so remote content can directly influence the model prompt (prompt-injection risk).

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 03:34 PM
Issues
2
Security Audit — snyk — Parser