weaviate-cookbooks

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's cookbooks (e.g., references/advanced_rag.md and references/agentic_rag.md) explicitly fetch collection schema and sample objects via collection.config.get() and collection.query.fetch_objects(...) and pass those untrusted, potentially user-generated database objects into LLM-based components (LLM-created filters, query re-writers, and generation). The Query Agent/chatbot flow (references/query_agent_chatbot.md) likewise uses retrieved documents as context for responses. Third-party content from Weaviate collections is therefore ingested and can directly influence tool selection and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes setup commands that fetch and execute remote install scripts (curl ... | sh) for required dependencies, specifically https://astral.sh/uv/install.sh (uv installer) and https://ollama.com/install.sh (Ollama installer). These execute remote code at install time and therefore pose a runtime execution risk.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 02:54 PM