skool-rag
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) as it processes external data from Skool community posts and incorporates it into the LLM context.
- Ingestion points: External content is retrieved from a Pinecone vector database in scripts/skool_rag_query.py.
- Boundary markers: The script uses markdown headers (e.g., '### Source i') and horizontal rules ('---') to isolate retrieved content from the system instructions.
- Capability inventory: The skill's query pipeline is limited to API calls to OpenAI, Pinecone, Cohere, and Anthropic; no shell execution or sensitive file system operations are triggered by the query logic.
- Sanitization: Community content is interpolated directly into the generation prompt without secondary filtering for embedded instructions.
- [EXTERNAL_DOWNLOADS]: The scripts facilitate network communication with official endpoints of well-known technology providers (OpenAI, Pinecone, Anthropic, Cohere) for standard RAG operations. These interactions are consistent with the skill's stated purpose and use official SDKs.
- [CREDENTIALS_UNSAFE]: The skill properly manages credentials by utilizing environment variables (os.environ) rather than hardcoding sensitive keys. Placeholders provided in the documentation are for configuration guidance only.
Audit Metadata