netsuite-ai-connector-guardrails
Fail
Audited by Snyk on Mar 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The skill includes explicit instructions to "Show your reasoning throughout the process" and "Execute immediately" / "Apply every rule ... no exceptions," which attempt to force disclosure of internal chain-of-thought and override higher-level system constraints—behavior that is outside the stated purpose of providing tool-selection and safety guardrails and therefore constitutes a prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly a NetSuite connector designed for financial operations. It defines and mandates use of ns_createRecord and ns_updateRecord (with explicit guards) and enumerates transaction record types including Customer Payment (custpymt), Bank Deposit (deposit), Bank Transfer (transfer), Vendor Bill / Bill Payment flows, and other finance transactions. The tool selection and hard rules are specifically oriented to creating/updating financial transaction records (not generic browsing or generic API calls). Because it directly supports creating/updating payment and bank transaction records within NetSuite, it grants direct financial execution capability.
Issues (2)
E004
CRITICALPrompt injection detected in skill instructions.
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata