vector-search-workflows
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructions recommend installing the 'mcp-vector-search' package via pip. While this is the intended functionality of the skill, the repository source and author are not part of the trusted external sources list.
- COMMAND_EXECUTION (LOW): The workflow relies on executing CLI commands such as 'mcp-vector-search setup' and 'mcp-vector-search index'. These commands interact with the local filesystem to create configurations and index codebases.
- INDIRECT_PROMPT_INJECTION (LOW): The skill functions by indexing codebase files into a vector database (ChromaDB) for semantic search. This creates an attack surface where malicious instructions embedded in the codebase could be retrieved during a search and potentially influence the agent's logic.
  - Ingestion points: Local codebase files are processed by the 'mcp-vector-search index' command.
  - Boundary markers: None specified; the skill does not provide explicit delimiters for the searched content.
  - Capability inventory: The skill uses CLI commands to perform indexing and search operations.
  - Sanitization: No explicit sanitization or filtering of the indexed content is described.