b2c-cap

Warn

Audited by Snyk on Jun 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required workflow uses the b2c CLI to pull installed/registry CAP sources (e.g., b2c cap pull), which at runtime fetches outsider-authored app/package content from external registries/installed sources and then extracts it into local directories that the CLI can read as text (e.g., manifests/metadata/impex/storefront-next files) for LLM-visible output/processing.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 02:56 PM
Issues
1
Security Audit — snyk — b2c-cap