update-mascots
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The script reads outsider-authored free text from sibling projects’ prompt files (e.g.,
image-prompts.md/README.md/docs/prompts/*/docs/learning-graph/*) viaprompt_path.read_text(...)inextract_character_name(), and that text is then used to generate derived markdown files (includingdocs/list-mascots.mdand per-mascotindex.md).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata