npm-vulnerability-analysis
Warn
Audited by Snyk on Jun 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The required runtime workflow (via
scripts/index.js→ scanning versions and generating reports) ingests outsider-authored free text from npm advisory/audit data—e.g., vulnerabilitytitle/url/rangefields returned bynpm audit --jsonand then rendered into the report—so untrusted prose from third parties can enter the agent’s LLM context indirectly through the generated report content.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata