spree-promotions
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow includes “Fetch live docs” by retrieving a public URL (https://spreecommerce.org/...) and then “Inspect the live … source”/“review live examples,” which would ingest outsider-authored free text from the public web into the agent’s LLM context at runtime.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata