bigbox
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly calls external BigBox/Home Depot APIs (see "Popular actions" like "Get Product Reviews" and "Get Product Questions") and allows arbitrary proxy requests via
membrane request, meaning the agent will ingest public, user-generated content from third‑party web APIs that could influence its actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata