hybrid-search-implementation
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Potential SQL injection vulnerability in the `PostgresHybridSearch` template.
  - Evidence: In `SKILL.md`, the `hybrid_search` method constructs a SQL query by interpolating dictionary keys directly into the `where_clause` string: `where_clause += f" AND metadata->>'{key}' = ${len(params)}"`. While values are parameterized, the keys are not, allowing an attacker who controls the metadata keys to manipulate the SQL logic.
- [EXTERNAL_DOWNLOADS]: Fetches pre-trained models from a trusted well-known service.
  - Evidence: The `search_with_rerank` method in `SKILL.md` uses `sentence_transformers` to load `cross-encoder/ms-marco-MiniLM-L-6-v2`. This operation downloads model weights from Hugging Face's official repository.
- [PROMPT_INJECTION]: Exposure to indirect prompt injection through search query processing.
  - Evidence Chain:
    - Ingestion points: The `query` string enters the system via the `hybrid_search` and `search` methods in the templates.
    - Boundary markers: Absent; the query is passed directly to database search functions and neural reranking models without delimiters.
    - Capability inventory: Executes database queries (PostgreSQL/Elasticsearch) and performs model inference which can influence RAG output.
    - Sanitization: Database values are parameterized, but the raw query text is processed by semantic search engines without specific filtering for embedded instructions.
Audit Metadata