scrape-review-schema
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The skill reads outsider-authored free text into the LLM context via
REVIEW_DATA/data.js, which is constructed from{spec_path}/pages/*/meta.jsonand{work_path}/analyze-page/*.{html_variant}.json(page metadata + analysis results), and those analysis results can include arbitrary extracted text from the scraped pages; the review UI then sends the user’s feedback (including any edited/corrected extracted values) back to the agent overfetch(AGENT_URL)as plain text.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata