skills/salvo-rs/salvo-skills/salvo-file-handling/Snyk

salvo-file-handling

Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md handlers (e.g., upload, upload_files, update_profile, raw_upload) explicitly accept and read user-provided multipart file uploads, form fields, and raw request bodies from HTTP requests — untrusted user-generated content that the code parses and uses to decide accept/reject, filenames, storage, and responses.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 13, 2026, 06:49 AM

Issues

1