podman-hackathon
YU Shield: AI-powered employee burnout detection. 30-second daily check-in, IBM Granite 3.3 running locally via Podman + RamaLama. Privacy-first. Zero cloud required.
0Tools
3Findings
1Stars
Mar 24, 2026Last Scanned
1 high · 2 low findings detected
Security Category Deep Dive
Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
100%4 rules
Hidden instructions via external content and tool responses
100%2 rules
Context window saturation and prior-approval exploitation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
100%2 rules
Injection via prompt templates and runtime tool output
Findings3
1high
2low
High1
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "vite@5.4.19" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
Low2
lowD4Excessive Dependency CountMCP08-dependency-vuln
[Dependency] 71 direct dependencies (threshold: 50). Large dependency trees increase supply chain risk.
Audit dependencies. Remove unused packages. Prefer standard library functions.
lowF4MCP Spec Non-ComplianceMCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.