localdata-business-status
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Runtime path: the skill downloads outsider-authored public CSV content from
https://file.localdata.go.kr/file/download/<slug>/info?orgCode=...and decodes it into readable text (_fetch_csv→response.read().decode(...)), then parses rows into strings that are included in the LLM context asmatches/result.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata