llama-cpp

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required Model Discovery workflow explicitly fetches and parses public, user-contributed Hugging Face content—e.g. the repo local-app page (https://huggingface.co/?local-app=llama.cpp) and the tree API (https://huggingface.co/api/models//tree/main?recursive=true)—and treats those untrusted pages as the source of truth to pick quants and construct runtime commands, so third-party content can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and use Hugging Face repo pages at runtime (e.g., https://huggingface.co/?local-app=llama.cpp and https://huggingface.co/api/models//tree/main?recursive=true) and to copy the local-app snippet / tree API data directly into llama-server/llama-cli commands, so external content would directly control runtime commands/instructions.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 01:45 PM
Issues
2
Security Audit — snyk — llama-cpp