fastmoss-livestreams

Warn

Audited by Snyk on Jul 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider free text is ingested from public FastMoss web pages at runtime: live_scraper.py navigates to https://www.fastmoss.com/zh/live/... and then evaluate(EXTRACT_JS) reads arbitrary <thead>/<tbody> cell innerText/textContent/title from the loaded page into the LLM context (via the tool result JSON that the agent consumes).

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 6, 2026, 09:23 AM
Issues
1
Security Audit — snyk — fastmoss-livestreams