spark-authoring-cli
Warn
Audited by Snyk on Mar 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly instructs ingesting arbitrary public HTTP/HTTPS dataset URLs (see "Public URL Data Ingestion" in notebook-api-operations.md and resources/data-engineering-patterns.md), telling the agent to download/copy and then read those external files as part of normal workflows, which exposes it to untrusted third‑party content that could influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls Fabric REST endpoints (e.g., https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/notebooks/{notebookId}/getDefinition and updateDefinition) at runtime to fetch and upload Base64-encoded notebook content (executable code) which the skill depends on to modify/run notebooks, so the fetched content can directly control code execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata