llamaindex

Warn

Audited by Snyk on Jun 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow can ingest outsider-authored free text via its “web pages” connector path (e.g., SimpleWebPageReader().load_data([...]) / BeautifulSoupWebReader().load_data(urls=[...])), which fetches arbitrary public URLs and turns the page body into LLM-readable document text for indexing/querying.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The examples include runtime document ingestion from external URLs (e.g., BeautifulSoupWebReader.load_data(["https://docs.python.org/3/tutorial/","https://numpy.org"]) and GithubRepositoryReader which fetches github.com repositories) — those fetched documents are ingested as context that directly controls LLM prompts/responses.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 12:55 AM
Issues
2
Security Audit — snyk — llamaindex