dicom-series-to-volume

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). At runtime, the skill reads DICOM files from the caller-provided dicom_dir via scripts/series_to_volume.py::_read_series() using pydicom.dcmread(), then ingests DICOM header fields (e.g., ImageOrientationPatient, ImagePositionPatient, PixelSpacing, RescaleSlope/Intercept, and Study/Series* strings) into the JSON it prints—so any outsider-authored DICOM directory contents become LLM-readable free text in result_json (e.g., dicom_metadata, input_dir).

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:34 PM
Issues
1
Security Audit — snyk — dicom-series-to-volume