agently-knowledge-base-and-rag
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The documentation describes a standard Retrieval-Augmented Generation (RAG) workflow in references/retrieval-to-answer.md where retrieved data is injected into the prompt. This pattern inherently possesses a surface for indirect prompt injection. * Ingestion points: Data enters the agent context through the info() method. * Boundary markers: The prompt pattern uses simple interpolation ({retrieval_results}) without robust delimiters. * Capability inventory: The skill describes retrieval and answering; no direct code execution or file-write capabilities are defined. * Sanitization: The documentation does not detail specific sanitization or validation of retrieved content.
- [EXTERNAL_DOWNLOADS]: The skill references official vendor resources, including the agently.tech documentation site and the AgentEra/Agently GitHub repository. These are verified vendor-owned assets and do not involve untrusted third-party sites.
- [NO_CODE]: The skill consists entirely of markdown files providing instructions and references, with no executable scripts, binary files, or hidden code detected.
Audit Metadata