llama-cpp
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required Model Discovery workflow explicitly fetches and parses public, user-contributed Hugging Face content—e.g. the repo local-app page (https://huggingface.co/?local-app=llama.cpp) and the tree API (https://huggingface.co/api/models//tree/main?recursive=true)—and treats those untrusted pages as the source of truth to pick quants and construct runtime commands, so third-party content can directly influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and use Hugging Face repo pages at runtime (e.g., https://huggingface.co/?local-app=llama.cpp and https://huggingface.co/api/models//tree/main?recursive=true) and to copy the local-app snippet / tree API data directly into llama-server/llama-cli commands, so external content would directly control runtime commands/instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata