reading-business-cards
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Outsider-authored free text can enter the LLM context via the keyed API runner:
scripts/extract_cards.pyreads runtime-generated tile PNGs fromprep_cards.py(open(rec["tile"], "rb")→ base64) and sends them to Haiku withsystem_prompt/image content; if the operating user supplied outsider business-card images, the card text (outsider-authored) is ingested as readable text by the model.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata