nemo-retriever
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via the runtime retriever query output: the CLI returns retrieved text chunks originating from the user-provided PDFs/other documents, and those chunks are then synthesized into the assistant’s final_answer (i.e., arbitrary document text is ingested into the agent’s LLM context).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The install recipe in references/install.md fetches and installs remote code as part of setup — it runs git clone https://github.com/NVIDIA/NeMo-Retriever.git and pip installs (including pulling wheels via -i https://download.pytorch.org/whl/cu130), which downloads and executes external code that the skill depends on at runtime.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata