Skills
skills/cinience/alicloud-skills/alicloud-platform-multicloud-docs-api-benchmark/Snyk

alicloud-platform-multicloud-docs-api-benchmark

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The benchmark script (skills/platform/docs/alicloud-platform-multicloud-docs-api-benchmark/scripts/benchmark_multicloud_docs_api.py) actively auto-discovers and fetches public third‑party web content (DuckDuckGo results, provider docs domains, GitHub code search, GCP Discovery API, and api.aliyun.com) via fetch_text/fetch_json and classify_links, parses that HTML/text, and uses the extracted signals to compute scores and recommended actions—so untrusted external pages can materially influence the agent's decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 10:15 AM
Issues
1