recoup-deal-ingest
Warn
Audited by Snyk on Jun 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Outsider free text can enter the LLM context via
scripts/dataroom-hygiene-scan.py, which reads seller-provided textual files underdeals/{deal-id}/source/(e.g.,.txt/.md/.csv/.json/.yaml) and extracts matching concealment-language lines intoworkpapers/dataroom-hygiene.json/findings/dataroom-hygiene-findings.json, which the agent would then summarize for the LLM.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata