research
Warn
Audited by Snyk on Apr 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill autonomously fetches and ingests public third‑party content—parliamentary transcripts and Official Journal PDFs—via the external API endpoints (e.g., /transcripts, /transcript/[id], and /official-journal which returns pdfUrl links to BOE/EUR‑Lex/Diario Oficial) and explicitly requires the agent to read and act on that content to produce reports, which could enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill mandates at runtime sending the generated HTML to the external PDF generation endpoint https://source-worker-876875904047.us-central1.run.app/generate-pdf?filename=report.pdf, which performs remote execution to render the PDF and is a required runtime dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata