jetson-customize-uphy

Warn

Audited by Snyk on Jun 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Outsider free text is ingested via the runtime WebFetch of the Adaptation Guide (“documents.adaptation_guide … web fetch -> Step-1 prompt fallback”), where fetched page text is extracted and cached for later option discovery and user-facing tables.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs a runtime WebFetch against the Adaptation Guide URL template (https://docs.nvidia.com/jetson/archives/r./DeveloperGuide/HR/JetsonModuleAdaptationAndBringUp/JetsonAdaptationBringUp.html#configure-the-uphy-lane) to extract every documented uphyX-config index and lane mapping and uses that fetched content to build the choice menus and drive user prompts, so this external URL is a runtime dependency that directly controls agent prompts.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 08:45 PM
Issues
2
Security Audit — snyk — jetson-customize-uphy