Knowledge
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow
/knowledge ingest <url-or-file>can fetch and read outsider-authored free text from a user-supplied URL via WebFetch/curl, then summarizes/classifies it and writes it into Knowledge notes that are later used for LLM context (indirect prompt-injection risk through fetched page content).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The /knowledge ingest workflow fetches arbitrary external URLs at runtime using WebFetch (falling back to curl -sL) and injects the fetched content into the agent's processing pipeline to summarize, classify, and drive automatic note creation and ripple updates, so URLs provided to the ingest command (fetched via WebFetch or curl -sL) are a runtime external dependency that can directly control agent outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata