ai-gateway
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill presents an indirect prompt injection surface. Ingestion points: External provider configurations and LLM request data. Boundary markers: None identified in instructions or code. Capability inventory: Read, Write, Grep, and Glob permissions on the file system, specifically targeting the .env file. Sanitization: None present; environment values are used directly to initialize LLM clients.
- [CREDENTIALS_UNSAFE] (LOW): The documentation identifies a specific sensitive path at /opt/cloodle/tools/ai/multi_agent_rag_system/.env for storing API keys. Hardcoding fixed paths for secrets increases the risk of targeted data exposure if the agent is misused. API key examples provided are placeholders.
- [EXTERNAL_DOWNLOADS] (LOW): The skill logic imports external community packages (langchain-ollama, langchain-anthropic, langchain-huggingface) that are not version-pinned within the skill metadata, introducing a minor supply chain risk.
- [COMMAND_EXECUTION] (INFO): Includes a curl command to localhost for connectivity testing, which is a benign and restricted diagnostic step.