reading-business-cards

Warn

Audited by Snyk on Jun 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). Outsider-authored free text can enter the LLM context via the keyed API runner: scripts/extract_cards.py reads runtime-generated tile PNGs from prep_cards.py (open(rec["tile"], "rb") → base64) and sends them to Haiku with system_prompt/image content; if the operating user supplied outsider business-card images, the card text (outsider-authored) is ingested as readable text by the model.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 06:02 AM
Issues
1
Security Audit — snyk — reading-business-cards