NYC

RAG Implementer

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Significant risk of Indirect Prompt Injection due to the processing of untrusted external documents in conjunction with high-impact capabilities.
  • Ingestion points: The skill ingests external data from sources identified in README.md (Phase 1) and utilizes the 'document-parser-mcp' as specified in manifest.yaml.
  • Boundary markers: No boundary markers, delimiters, or isolation instructions are defined to separate retrieved content from the agent's system instructions, leaving the LLM vulnerable to embedded commands.
  • Capability inventory: According to manifest.yaml, the skill possesses authority for 'modifies_files' and 'makes_api_calls'. If the agent is successfully injected via malicious data, these capabilities could be used to alter the local environment or exfiltrate data.
  • Sanitization: The instructions lack any requirement for sanitizing, validating, or filtering ingested external content before it is processed by the embedding or retrieval pipeline.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:41 PM