zentao-tour
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.72). 该技能在运行时主要通过
zentao profile、zentao product/task/story/...等 zentao-cli 命令拉取禅道“当前账号/项目/任务/需求/用例/BUG”等数据并把返回的 Markdown/JSON 文本喂给代理模型;这些内容属于禅道系统中由“非操作用户”产生的记录正文/字段(如他人创建的需求、Bug 标题/描述、测试步骤等),属于“OUTSIDER-AUTHORED FREE TEXT/文本字段”经由运行时 API/CLI 输出进入 LLM 上下文的间接提示注入风险。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata