llamaindex
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow can ingest outsider-authored free text via its “web pages” connector path (e.g.,
SimpleWebPageReader().load_data([...])/BeautifulSoupWebReader().load_data(urls=[...])), which fetches arbitrary public URLs and turns the page body into LLM-readable document text for indexing/querying.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The examples include runtime document ingestion from external URLs (e.g., BeautifulSoupWebReader.load_data(["https://docs.python.org/3/tutorial/","https://numpy.org"]) and GithubRepositoryReader which fetches github.com repositories) — those fetched documents are ingested as context that directly controls LLM prompts/responses.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata