airflow
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill allows querying arbitrary Airflow instances and endpoints (user-provided --url / AF_CONFIG entries) and directly ingesting user-generated content such as DAG source (af dags source), task logs (af tasks logs), XCom/event-logs and arbitrary API responses via af api / af api spec, which are untrusted third-party inputs the agent is expected to read and interpret.
Audit Metadata