https://github.com/NVIDIA-AI-Blueprints/video-search-and-summarization ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
SEC015 Insecure Randomness for Security |
medium | 4 |
SEC017 Unbounded Input to LLM/External API |
medium | 4 |
SEC016 LLM Prompt Injection — User Input in AI Prompt |
high | 4 |
SEC020 Secret Printed to Logs |
high | 2 |
SEC016
LLM Prompt Injection — User Input in AI Prompt
agent/src/vss_agents/agents/critic_agent.py:201
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC016
LLM Prompt Injection — User Input in AI Prompt
agent/src/vss_agents/evaluators/report_evaluator/field_evaluators/llm_judge.py:130
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC016
LLM Prompt Injection — User Input in AI Prompt
agent/src/vss_agents/tools/template_report_gen.py:953
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…SEC015
Insecure Randomness for Security
ui/packages/nemo-agent-toolkit-ui/middleware.ts:23
· conf 1.00
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC017
Unbounded Input to LLM/External API
agent/src/vss_agents/agents/critic_agent.py:201
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…SEC017
Unbounded Input to LLM/External API
agent/src/vss_agents/evaluators/report_evaluator/field_evaluators/llm_judge.py:130
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…SEC017
Unbounded Input to LLM/External API
agent/src/vss_agents/tools/template_report_gen.py:953
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…SEC015
Insecure Randomness for Security
[SEC015] Insecure Randomness for Security (and 4 more): Same pattern found in 4 additional files. Review if needed.SEC015
Insecure Randomness for Security
ui/packages/nv-metropolis-bp-vss-ui/video-management/lib-src/utils.ts:107
· conf 0.15
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC015
Insecure Randomness for Security
ui/packages/nv-metropolis-bp-vss-ui/video-management/lib-src/VideoManagementComponent.tsx:67
· conf 0.15
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.SEC016
LLM Prompt Injection — User Input in AI Prompt
[SEC016] LLM Prompt Injection — User Input in AI Prompt (and 1 more): Same pattern found in 1 additional files. Review if needed.SEC017
Unbounded Input to LLM/External API
[SEC017] Unbounded Input to LLM/External API (and 1 more): Same pattern found in 1 additional files. Review if needed.SEC020
Secret Printed to Logs
agent/src/vss_agents/tools/evaluation_compressor.py:88
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…SEC020
Secret Printed to Logs
deployments/vlm-as-verifier/scripts/env-substitute.py:83
· conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/537782cf-db5f-4bf7-8b5f-e9aa7b2cdedb/.