chonkie

Warn

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches executable pipeline/recipe content from the public HuggingFace Hub (e.g., RecursiveRules.from_recipe and Pipeline.from_recipe referencing chonkie-ai/recipes in SKILL.md and references), which is user-hosted/untrusted third-party content that the agent loads and uses to change chunking and pipeline behavior—allowing external content to materially influence its processing and actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 06:49 PM
Issues
1
Security Audit — snyk — chonkie