rag-infrastructure
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a Retrieval-Augmented Generation (RAG) architecture that incorporates external data from documents directly into the LLM's system prompt. This pattern is vulnerable to indirect prompt injection if ingested content contains malicious instructions designed to hijack the agent's behavior.
- Ingestion points: Document content is processed through the `ingest_documents` and `chunk_text` functions in `SKILL.md` before being stored in a vector database.
- Boundary markers: The `rag_query` function in `SKILL.md` uses string concatenation with a simple "Context:" label and "---" separators, which lacks robust isolation or explicit instructions for the LLM to ignore nested commands within the retrieved data.
- Capability inventory: The skill is designed to perform vector database queries and interact with LLM APIs (OpenAI/vLLM) to generate responses based on the retrieved context.
- Sanitization: The skill joins retrieved text chunks and interpolates them directly into the system message without escaping, validation, or filtering for instruction-like patterns.
Audit Metadata