consume-nats-message
Warn
Audited by Snyk on Jun 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 在阶段 2.5 Bootstrap 中,技能会对“公开 broker 上的消息内容”执行 peek(stream get / ephemeral consumer 读取最近 N 条),把这些消息的 headers/payload 作为可读文本用于 schema 推断并生成草稿契约,从而将“非操作用户/非本项目作者”的自由文本(消息体)喂入 LLM 上下文。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata