fabriciq-ontology-consumption-cli
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow fetches the ontology definition via Fabric control-plane APIs (
getDefinitionLRO) and then base64-decodesdefinition.parts[]into readable JSON that is ingested into the agent context; this content is authored by the tenant/ontology owner (not the operating user), making it outsider-authored free text/JSON at runtime.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill at runtime calls the Fabric control-plane endpoints (e.g. POST/GET to https://api.fabric.microsoft.com/v1/workspaces/{WS_ID}/items/{ONT_ID}/getDefinition and polling https://api.fabric.microsoft.com/v1/operations/{operationId}) to fetch base64-encoded ontology parts which are decoded into a grounding JSON that directly controls the agent's prompt/routing decisions, and that fetch is required for the skill to function.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata