rag-eval

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime path ingests dataset-provided corpus/ files and train.json (including contexts[].text/question/answer) into the evaluation and RAGAS judge context; if those dataset files/JSON were authored by an outsider, their free text becomes LLM-readable input via the evaluator’s dataset loading and per-query prompt construction.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:35 PM
Issues
1
Security Audit — snyk — rag-eval