boss-greeting
Warn
Audited by Snyk on Jun 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 该 skill 在步骤 4A/4B/4C 会把用户输入的 JD 文本或截图识别出的招聘正文(外部作者的岗位描述)作为可读文本进入 LLM 上下文,用于生成打招呼内容;这属于“公共/第三方网页或他人撰写的自由文本(招聘JD)”的运行时摄取。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata