scrape-review-schema

Warn

Audited by Snyk on Jun 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill reads outsider-authored free text into the LLM context via REVIEW_DATA/data.js, which is constructed from {spec_path}/pages/*/meta.json and {work_path}/analyze-page/*.{html_variant}.json (page metadata + analysis results), and those analysis results can include arbitrary extracted text from the scraped pages; the review UI then sends the user’s feedback (including any edited/corrected extracted values) back to the agent over fetch(AGENT_URL) as plain text.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 05:23 AM
Issues
1
Security Audit — snyk — scrape-review-schema