using-vector-databases

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The Rust example README (examples/rust-axum-vector/README.md) suggests installing Rust via 'curl | sh' from 'sh.rustup.rs'. While this is a remote execution pattern, it targets a trusted official source (Rustup) and is considered low risk.
  • [DATA_EXFILTRATION] (HIGH): In 'examples/qdrant-python/rag_pipeline.py', the 'ingest_document' function reads files directly from 'file_path' provided via the API in 'main.py'. There is no validation or sanitization of this path, allowing an attacker or a compromised agent to read arbitrary sensitive files from the host environment.
  • [PROMPT_INJECTION] (HIGH): The RAG pipeline in 'examples/qdrant-python/rag_pipeline.py' implements an Indirect Prompt Injection surface. It retrieves untrusted content and interpolates it directly into the LLM prompt without sanitization or robust boundary markers.
    • Ingestion points: 'examples/qdrant-python/main.py' via the '/ingest' endpoint and 'rag_pipeline.py' via 'ingest_document'.
    • Boundary markers: Absent. The prompt uses a simple 'Context:' header to delimit untrusted data.
    • Capability inventory: Network operations (OpenAI API), local file system read access ('open()').
    • Sanitization: Absent. No filtering of malicious instructions within the document text or validation of file paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:30 AM