automation-pilot-catalog-explorer
Warn
Audited by Snyk on Jul 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). SKILL.md describes runtime API calls (e.g.,
curl ... /api/v1/catalogsand/api/v1/commands...and/api/v1/commands/$COMMAND_ID) whose JSON fields likedescriptionandconfiguration.executorswould be ingested as readable text by the agent, and those catalog/command definitions can be outsider-authored (tenant custom catalogs/commands or SAP-provided content).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata