npm-vulnerability-analysis

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow (via scripts/index.js → scanning versions and generating reports) ingests outsider-authored free text from npm advisory/audit data—e.g., vulnerability title/url/range fields returned by npm audit --json and then rendered into the report—so untrusted prose from third parties can enter the agent’s LLM context indirectly through the generated report content.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 12, 2026, 08:20 AM
Issues
1
Security Audit — snyk — npm-vulnerability-analysis