skills/gpttang/skill-atlas/image-gen/Snyk

image-gen

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via --promptfiles/stdin: scripts/main.ts reads arbitrary files/STDIN into prompt and passes it to provider APIs (e.g., Google/OpenAI/DashScope) as user text, which the provider LLM consumes; those prompt contents are not authored by the operating user.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 16, 2026, 11:09 AM

Issues

1

Security Audit — snyk — image-gen