skills/89jobrien/steve/cocoindex/Gen Agent Trust Hub

cocoindex

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill documents a system that processes external data sources via LLM integrations, which creates a surface for indirect prompt injection.
      • Ingestion points: File 'references/cli-operations.md' describes data ingestion from 'LocalFile' and S3 sources.
      • Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are documented in the CLI reference.
      • Capability inventory: The tool can perform database operations (setup, update, drop), write evaluation results to the filesystem, and interact with LLM APIs (OpenAI, Anthropic, Voyage).
      • Sanitization: No explicit data sanitization or validation methods are described in the documentation.
  • Dynamic Execution (SAFE): The CocoIndex CLI loads and executes Python code from local files (e.g., 'cocoindex update main.py'). While this involves dynamic loading, it is the primary intended function of the tool and operates on user-provided local files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:11 PM