mycarrierpackets-api

Warn

Audited by Snyk on May 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly calls MyCarrierPackets endpoints (e.g., https://api.mycarrierpackets.com/api/v1/Carrier/GetCarrierData, /GetDocument, /CompletedPackets, /CarriersChanges) to fetch carrier profiles, uploaded documents (COI/W9/eAgreements) and risk assessments — all third‑party/user‑submitted content that the agent decodes and uses to drive invitations, monitoring, blocking, and other decisions, which meets the criteria for indirect prompt injection risk.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 25, 2026, 02:48 AM
Issues
1
Security Audit — snyk — mycarrierpackets-api