agentic-kit-rag

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The RAGProvider implementation in SKILL.md creates a surface for indirect prompt injection by interpolating retrieved database content directly into the system prompt.
  • Ingestion points: The seed-documents.sh script reads files from the local filesystem into the database, which are later retrieved by the RAGProvider during chat sessions.
  • Boundary markers: The prompt uses a simple 'Context:' header but lacks strict delimiters (such as XML tags or unique boundary tokens) to isolate untrusted content from system instructions.
  • Capability inventory: The skill has the ability to perform database queries via the pg library and to interact with a local Ollama API via fetch.
  • Sanitization: While database queries are parameterized, the content retrieved from documents is not sanitized or validated for embedded instructions before being placed in the prompt context.
- [COMMAND_EXECUTION]: The skill includes several shell scripts intended for environment setup and management.
  • Evidence: setup-rag-database.sh, seed-documents.sh, and check-rag-status.sh use psql, curl, and the pgpm utility to manage the database and local services.
- [EXTERNAL_DOWNLOADS]: The setup-rag-database.sh script manages the lifecycle of a database container.
  • Evidence: Pulls and starts the pyramation/postgres:17 Docker image, which is the expected behavior for the vendor's database management toolset.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 05:33 AM