cocoindex
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- SAFE (SAFE): No malicious patterns detected. The document provides instructions for using a command-line interface (CLI) to manage data flows.
- Data Exposure & Exfiltration (INFO): The documentation describes handling sensitive credentials via environment variables. It uses safe placeholders for API keys and database strings, avoiding hardcoded secrets.
- Indirect Prompt Injection (INFO): The tool described (CocoIndex) is designed to process external 'source data' and perform transformations. This creates an inherent vulnerability surface for indirect prompt injection if the tool is used to process untrusted content.
- Dynamic Execution (INFO): The CLI tool supports loading and executing local Python files (e.g., 'cocoindex update main.py'). This is a documented core feature but involves the execution of local code.