tapd

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

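  • Third-party content exposure detected (high risk: 0.85). At runtime, Story/Task descriptions and prototype image content returned by the TAPD remote side (converted by MCP into readable text/descriptions) are injected into the LLM context through tapd-mcp calls such as get_stories_or_tasks/get_image, for use in intake/plan generation; this remote content comes from an external source that is not the operating user.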

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 10:53 AM
Issues: 1