Skills
skills/etalab-ia/skills/rag-search/Gen Agent Trust Hub

rag-search

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the global installation of a third-party NPM package '@tobilu/qmd' which is not from a verified or well-known technology vendor.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from a document index. 1. Ingestion points: Results from 'qmd query' (SKILL.md). 2. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions when presenting search results. 3. Capability inventory: Execution of 'qmd' commands and output presentation. 4. Sanitization: Absent; the content is presented directly from the tool's JSON output.
  • [COMMAND_EXECUTION]: The skill executes the 'qmd' CLI tool with user-supplied queries using string interpolation. This poses a command injection risk if the calling environment does not properly sanitize the query string before it is executed in the shell.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 10, 2026, 12:22 PM