zhin-adapter-development
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The adapter explicitly converts and emits raw messages from third-party chat platforms into Message objects (see handleIncomingMessage where rawMsg.content is assigned to Message.$content/$raw and emitted via 'message.receive'), meaning untrusted user-generated content from platforms like Discord/Telegram/QQ will be ingested and processed by the agent.
Audit Metadata