skool-rag
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File
The package implements a typical RAG pipeline that aligns with the declared purpose: scraping Skool content, creating OpenAI embeddings, storing vectors in Pinecone, reranking with Cohere, and generating responses with Anthropic. No explicit malicious code patterns, hardcoded secrets, obfuscated payloads, or suspicious remote endpoints were found in the provided metadata. Main security concerns are privacy and data-exposure due to scraping and storage of potentially private content, and the increased credential attack surface from four third-party API keys. Recommended mitigations: limit scraping scope to public content, implement PII detection and redaction before indexing, enforce retention and secure-delete policies for local and remote data, and adopt secret management and key rotation for API credentials.