chroma
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): Trusted Package Dependencies. The skill references official 'chromadb' and '@chroma-core' scoped libraries for Python and Node.js. These are standard, well-maintained packages from trusted sources for the service described.
- [EXTERNAL_DOWNLOADS] (SAFE): Documentation Reference. The skill points to 'https://docs.trychroma.com/llms.txt' for further documentation. This is a trusted endpoint for documentation intended for LLM ingestion.
- [CREDENTIALS_UNSAFE] (SAFE): Environment Variable Usage. Code examples across all files correctly implement environment variable retrieval (e.g., 'process.env.CHROMA_API_KEY' and 'os.getenv') for sensitive API keys and tenant information, preventing credential leakage.
- [PROMPT_INJECTION] (SAFE): Instructional Integrity. The instructions in SKILL.md and supporting files focus strictly on implementation logic and information gathering for database configuration without attempting to override agent safety protocols.
Audit Metadata