testing-prompt-injection-in-rag-pipelines

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This repository and scripts explicitly implement and automate prompt-injection and embedding-poisoning attacks (including payloads that instruct models to reveal system prompts and document contents, tooling to exfiltrate data via model responses, and automation against arbitrary endpoints), which are deliberate offensive techniques with a high potential for unauthorized data exfiltration and abuse even if labeled "authorized use only".

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). At runtime, the inject mode sends attacker-controlled free-text payloads (--payload / --payload-file) to the target RAG endpoint and then ingests the model’s returned answer text into the agent’s own processing/reporting context; this is outsider-authored free text because it originates from the external target system rather than the operating user.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 01:35 AM
Issues
2
Security Audit — snyk — testing-prompt-injection-in-rag-pipelines