Skills
skills/nvidia/skills/deepstream-dev/Snyk

deepstream-dev

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's runtime pipeline instructions explicitly use nvurisrcbin / nvmultiurisrcbin to ingest arbitrary URIs (RTSP/HTTP/file) as sources (see SKILL.md and references/nvmultiurisrcbin), so untrusted public streams are consumed and their content can directly influence pipeline actions (e.g., triggers, frame capture, streaming), creating a clear vector for indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 06:15 AM
Issues
1
Security Audit — snyk — deepstream-dev