qiaomu-app-review

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider-authored free text from public App Store customer reviews is fetched at runtime via fetchReviews() calling https://itunes.apple.com/${country}/rss/customerreviews/.../json, then written into evidence.md/agent-prompt.md and used by the agent to generate the final LLM report (indirect prompt injection risk).

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 01:49 PM
Issues
1
Security Audit — snyk — qiaomu-app-review