chronicle-read
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The required workflow reads narrative chapter files from
/chronicle/(e.g.,read /chronicle/NNNNNN.md), and those chapters are auto-maintained from/chat_history/chatter, which can include free-form messages authored by outsiders; thus outsider-authored text can be ingested into the LLM via the chronicle context auto-prepends.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata