dag-typesafe
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's headless composition flow (scripts/compose.py -> compose_openai) posts a prompt to an external LLM endpoint (DAG_LLM_BASE_URL / OpenRouter/Groq/etc.) and directly ingests the provider's JSON response as the DAG plan (dag-plan.json), which is then validated/compiled and can change execution behavior—so untrusted third‑party model output is consumed as part of the workflow.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata