rag-implementation
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's workflow and references explicitly describe retrieving and ingesting external corpus content (e.g., "retrieve", "retrieved chunks", "no_relevant_context fallback — web search" in SKILL.md §4–§5 and §9, and the corrective RAG control flow in references/compression-and-corrective.md), treat that retrieved content as untrusted, and rely on the LLM to read/grade/use those chunks to decide retrieval/fallback and generate answers—demonstrating the agent will consume untrusted third-party content that can influence actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata