vector-search
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill codifies implementation patterns for semantic search and document retrieval without introducing malicious code or insecure execution methods.
- [EXTERNAL_DOWNLOADS]: Documents integration with established third-party services like OpenAI and Ollama for embedding generation using standard API patterns.
- [CREDENTIALS_UNSAFE]: References environment variables such as OPENAI_API_KEY for credential management, which is the recommended approach for securing API access.
- [INDIRECT_PROMPT_INJECTION]: As a RAG infrastructure skill, it manages the flow of external data into the agent context, which is a known vector for indirect instructions. This is a design characteristic of RAG systems rather than a flaw in the skill itself.
  - Ingestion points: Data from the document_chunks and domain_memories tables in Supabase/PostgreSQL.
  - Boundary markers: Not explicitly defined in the provided code snippets.
  - Capability inventory: Performs database RPC calls and external API requests to embedding providers.
  - Sanitization: Implementation uses parameterized RPC calls for database security; however, retrieved text requires external sanitization before being processed by the LLM.
Audit Metadata