chroma
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to ingest and retrieve external documents for RAG applications, which is a common surface for indirect prompt injection. However, this is inherent to the technology's purpose and the skill does not exhibit any malicious behavior.
  - Ingestion points: The `collection.add()` method in `SKILL.md` is the primary entry point for untrusted external data.
  - Boundary markers: None present in the code snippets; users should implement their own delimiters when processing retrieved content.
  - Capability inventory: File system access for persistent storage (`./chroma_db`) and network connectivity for communicating with embedding providers (OpenAI, HuggingFace) or a remote Chroma server.
  - Sanitization: The skill relies on the underlying `chromadb` library and the LLM's own safety filters for processing retrieved text.
- Data Exposure & Exfiltration (SAFE): The skill uses placeholders for API keys (e.g., `api_key="your-key"`) in its examples, which does not constitute a credential leak.
- External Downloads (SAFE): Package installations (`pip`, `npm`) reference the official `chromadb` packages, which are well-known and trustworthy.
Audit Metadata