skills/openaec-foundation/erpnext_anthropic_claude_development_skill_package/erpnext-errors-controllers/Snyk
erpnext-errors-controllers
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill ingests and interprets external/untrusted content (e.g., PaymentRequest.process_payment posts to gateway.api_endpoint and parses response.json()/error text, and process_import reads user-uploaded files via read_import_file) so the agent consumes third-party or user-provided data as part of its workflow.
Audit Metadata