travel-planner

Warn

Audited by Snyk on Jun 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

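  • Third-party content exposure detected (high risk: 0.85). In Steps 2/4 the skill "must go online" to run several groups of searches (e.g. "{destination} travel guide…", "{destination} must-see attractions ticket prices", "{destination} pitfalls to avoid…", "{departure city} to {destination} flights/high-speed rail…", and generates ticket prices and costs from the results), so third-party guide and price text (written by external authors) that is fetched at runtime from public web pages and search results is injected into the LLM context.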

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 20, 2026, 02:56 PM
Issues: 1