netbox-ndx
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Runtime path: the skill’s required workflow calls the customer’s NetBox REST endpoints under
/api/plugins/ndx/import-records/and/api/plugins/ndx/enrichments/, which return nestedenrichmentobjects includingprovenance_entries[].sourceand other free-text fields; these values originate from the NDX catalog (an external third party) and are ingested into the agent’s LLM context as readable JSON/prose.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata