axim-restdoc-generator
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The README and execution pipeline explicitly describe a Postman sync step (DSL properties postmanApiKey and postmanWorkSpaceId, the stage "Postman Sync — Sync Collection/Environment (if configured)", and PostmanSpecConverter). This implies that the plugin fetches user-owned Postman collections and environments (untrusted third‑party, user-generated content), then reads and interprets them to perform merges that can change generated outputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The repository's Gradle wrapper is configured to download and run remote executable code at runtime from https://services.gradle.org/distributions/gradle-8.5-bin.zip, which the build/plugin execution depends on.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).