dicom-series-to-volume
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). At runtime, the skill reads DICOM files from the caller-provided
dicom_dirviascripts/series_to_volume.py::_read_series()usingpydicom.dcmread(), then ingests DICOM header fields (e.g.,ImageOrientationPatient,ImagePositionPatient,PixelSpacing,RescaleSlope/Intercept, andStudy/Series*strings) into the JSON it prints—so any outsider-authored DICOM directory contents become LLM-readable free text inresult_json(e.g.,dicom_metadata,input_dir).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata