chroma
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and boilerplate code for the Chroma vector database. All instructions and examples follow standard development practices.
- [SAFE]: External dependencies and package references (e.g., chromadb, @chroma-core/*) are official resources provided by the vendor (chroma-core).
- [SAFE]: Credential management instructions emphasize the use of environment variables and .env files, which is a recommended security practice for handling sensitive API keys.
- [SAFE]: The skill mentions local configuration paths (e.g., ~/.chroma/credentials) in the context of describing how the official Chroma CLI operates, which is standard behavior for such tooling.
- [SAFE]: While the skill assists in building RAG (Retrieval-Augmented Generation) systems that ingest external data, it identifies this as a standard use case and provides validation logic for data size and metadata structure.