Yandex will be able to access the data entered on the internal site. What? Yes, almost everyone.
As a rule, parameters and sets are selected that will go into the metric. Discussed when implementing the metric. More details after-before implementation can be found in the scripts that will be loaded on the page. But there is always a chance that they will update and drag something else. For example, a full log of keystrokes in a personal account or in a form with a secret, etc.
There are always risks, the question is, does Yandex need you?
And the second question, why the hell is Yandex metric if there are free standalone solutions? For example piwik

The main problem is that in a situation where the intranet is working and the Internet is disabled, your resource will load for 5 minutes due to the fact that the metric will not be available
From a security point of view, you are building a "trojan" into the very pulp, your dmz

Doesn't the site have to be visible from the outside in order to install Yametrica? Then it will no longer be an internal site if you open access to it from an external site for Yandex. And therefore all the same risks as for ordinary sites.