cargo-quickstart
Warn
Audited by Snyk on Jul 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required workflow uses
curlto download workflow outputs from a signed URL (cargo-ai orchestration run download-outputs ... --format json), and those outputs include outsider-authored lead/job text from third-party connectors (e.g., Sales Navigator), which is then ingested into the LLM context via the agent’s subsequent “show the table”/reasoning over/tmp/quickstart-outputs.json.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata