aliyun-gbi-analytics
Warn
Audited by Snyk on Apr 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's workflow and quickstart script (scripts/list_openapi_meta_apis.py) explicitly fetch OpenAPI metadata from the public URL https://api.aliyun.com/meta/v1/products/DataAnalysisGBI/versions/2024-08-23/api-docs.json, meaning the agent ingests third-party web content which can influence API selection and subsequent actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata