pricewin-deal-finder
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The required runtime path runs
bin/search.js, which launchesbin/browse.js/bin/daemon.jsto navigate to outsider-authored public web pages (Agoda/Google/Booking) and then ingests their DOM text viasnapshot/extractWithSelectorsinto the agent’s context (e.g.,searchGoogleHotels()usesrun(['goto', url])thenrun(['query-all', ...])andsearchBookingHotels()usesrun(['extract-all', ...])).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata