adk-rag-agent

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external sources (PDF, HTML, etc.), which is then processed and included in the AI's response context, creating a surface for indirect prompt injection.
      • Ingestion points: rag.import_files in references/corpus-setup.md imports data from gs:// buckets and public URLs.
      • Boundary markers: The INSTRUCTION_PROMPT in SKILL.md does not use explicit delimiters (like XML tags or markdown blocks) to isolate retrieved document content from system instructions.
      • Capability inventory: The VertexAiRagRetrieval tool in SKILL.md allows the agent to retrieve and process content from a configured corpus.
      • Sanitization: No sanitization or verification of the content imported from URLs or buckets is performed.
  • [External Downloads] (LOW): The skill references an external sample repository.
      • Evidence: https://github.com/google/adk-samples/tree/main/python/agents/RAG in SKILL.md.
      • Status: Downgraded to LOW/INFO as google is a Trusted GitHub Organization per [TRUST-SCOPE-RULE].
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:44 PM