make-design-md
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Outsider free text is ingested because the workflow fetches a runtime webpage from a user-supplied URL (public web content) via
page.goto(args.url)and then reads its rendered DOM text (page.content()andpage.evaluate()extractingtextContent), which is subsequently written intoanalysis.json/page.htmland used as LLM context for synthesis.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata