agentic-kit-rag
Audited by Socket on Feb 27, 2026
1 alert found:
Security
This skill implements a standard RAG integration: it connects to a PostgreSQL (pgvector) database and to an Ollama embeddings/chat service. No direct evidence of intentionally malicious code (reverse shells, obfuscation, hardcoded attacker endpoints, or credential exfiltration to embedded remote domains) is present. The primary risks are configuration-driven: if OLLAMA_HOST is set to an attacker-controlled endpoint, sensitive prompts, documents, and embeddings will be sent externally (data exfiltration / credential forwarding risk). There is also moderate risk from unvalidated schema interpolation into SQL (identifier-level injection if env vars are attacker-controlled) and the instruction to run a setup shell script without showing its contents. Overall the code is coherent with its purpose but requires safe operational practices: validate and restrict OLLAMA_HOST, avoid running untrusted setup scripts, validate/sanitize RAG_SCHEMA, and avoid using weak example credentials in production.