skills/ortus-boxlang/skills/boxlang-core-dev-bif-development/Snyk

boxlang-core-dev-bif-development

Warn

Audited by Snyk on Apr 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The "Accessing BoxRuntime Services From a BIF" section includes a CachedFetch example that accepts an arbitrary url argument and calls fetchFromUrl(url) to retrieve and return remote data, which clearly ingests untrusted third‑party content into the agent's workflow.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 21, 2026, 04:42 PM

Issues

1