jetson-customize-uphy
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Outsider free text is ingested via the runtime
WebFetchof the Adaptation Guide (“documents.adaptation_guide … web fetch -> Step-1 prompt fallback”), where fetched page text is extracted and cached for later option discovery and user-facing tables.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs a runtime WebFetch against the Adaptation Guide URL template (https://docs.nvidia.com/jetson/archives/r./DeveloperGuide/HR/JetsonModuleAdaptationAndBringUp/JetsonAdaptationBringUp.html#configure-the-uphy-lane) to extract every documented uphyX-config index and lane mapping and uses that fetched content to build the choice menus and drive user prompts, so this external URL is a runtime dependency that directly controls agent prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata