yaklang-toolchain
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). 该工作流在运行时会读取并执行“外部提供的脚本文件/示例脚本”(如
yak hotpatch-mitm --script ...、yak codec-plugin --script ...以及--request/--response文件内容),这些文本属于非操作用户自选引入的内容,随后会被引擎作为可读脚本/HTTP文本喂入 LLM 上下文(间接提示注入风险)。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata