AgentDB Vector Search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on
npx agentdb@latestto initialize, query, and manage the vector database. This command downloads the latest package from the NPM registry at runtime from an author (ruvnet) not included in the trusted organizations list. - REMOTE_CODE_EXECUTION (MEDIUM): The MCP integration instructions (
claude mcp add agentdb npx agentdb@latest mcp) configure the agent environment to execute remotely fetched code, which could lead to arbitrary code execution if the package is compromised. - COMMAND_EXECUTION (MEDIUM): Documentation encourages executing CLI commands with various flags and arguments. If these are automated by an agent processing user-controlled input, it could lead to command injection vulnerabilities.
- PROMPT_INJECTION (LOW): The skill's primary use case is Retrieval Augmented Generation (RAG), which is vulnerable to indirect prompt injection.
- Ingestion points: External data enters the context through
db.storeWithEmbeddinganddb.batchStoreinSKILL.md. - Boundary markers: Absent; the RAG prompt template (
Context: ${context.map(c => c.text).join('\n')}) does not use delimiters to separate untrusted context from instructions. - Capability inventory: The skill uses
llm.generateto process the combined context and question, which can lead to the model following instructions embedded in retrieved documents. - Sanitization: No sanitization, validation, or escaping of the retrieved document content is performed before interpolation.
Audit Metadata