rerank

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The attributes parameter allows for custom evaluation prompts. If these strings are constructed from untrusted user input, they could be used to override the agent's ranking logic or bypass instructions.
  • [COMMAND_EXECUTION]: The skill accepts arbitrary SQL via the sql request field. This allows for extensive data access and presents a risk of SQL injection if the agent interpolates unsanitized user input into the query string.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to the vendor's API at api.exopriors.com to perform its core reranking functions.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection:
      • Ingestion points: Content retrieved from the payload column (as seen in SKILL.md) is ingested and processed by the LLM during the comparison phase.
      • Boundary markers: There are no explicit delimiters or instruction-isolation markers defined in the API's data structure to separate untrusted content from the system prompts.
      • Capability inventory: The skill combines LLM-based content evaluation with the ability to execute SQL queries via an external API.
      • Sanitization: The skill does not implement automated sanitization of the input data; the documentation relies on warnings to the user to treat retrieved text as untrusted.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 08:32 AM