testing-prompt-injection-in-rag-pipelines
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This repository and scripts explicitly implement and automate prompt-injection and embedding-poisoning attacks (including payloads that instruct models to reveal system prompts and document contents, tooling to exfiltrate data via model responses, and automation against arbitrary endpoints), which are deliberate offensive techniques with a high potential for unauthorized data exfiltration and abuse even if labeled "authorized use only".
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). At runtime, the
injectmode sends attacker-controlled free-text payloads (--payload/--payload-file) to the target RAG endpoint and then ingests the model’s returnedanswertext into the agent’s own processing/reporting context; this is outsider-authored free text because it originates from the external target system rather than the operating user.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata