qiaomu-app-review
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text from public App Store customer reviews is fetched at runtime via
fetchReviews()callinghttps://itunes.apple.com/${country}/rss/customerreviews/.../json, then written intoevidence.md/agent-prompt.mdand used by the agent to generate the final LLM report (indirect prompt injection risk).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata