create-prd

Warn

Audited by Snyk on Jun 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). 运行时会读取“用户提供的业务上下文/需求背景”自由文本(阶段0第1步),该文本属于非操作用户的外部输入来源(用户未必选择引入的第三方内容可能混入),从而进入 LLM 上下文。

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 5, 2026, 06:44 AM
Issues
1
Security Audit — snyk — create-prd