Skills
skills/tencentblueking/bk-ci/pipeline-template-module/Snyk

pipeline-template-module

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). PTemplateYamlResourceService.createYamlPipeline (via Git webhooks) and the PipelineTemplateYamlWebhookReq/PipelineTemplateYamlWebhookReqConverter -> PipelineTemplateGenerator.transfer flow explicitly ingest and parse YAML files pushed from Git repositories (user-provided/public repo content), so the agent reads untrusted third‑party content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 09:04 PM