RAG Architecture Skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of educational content and illustrative code snippets for RAG implementation. All referenced tools and services, such as Pinecone, Weaviate, and Chroma, are well-known technology providers. The code snippets utilize standard libraries like LangChain and NumPy.
- [PROMPT_INJECTION]: The skill describes an architecture designed to process external content, which inherently involves an indirect prompt injection surface. It provides mitigations for this: 1. Ingestion points: External document loading ('Document Processing' in SKILL.md). 2. Boundary markers: Prompt templates use '---' delimiters and 'Context:' headers. 3. Capability inventory: 'Agentic RAG' mentions tools for document and web search. 4. Sanitization: Prompts include instructions to 'Only use information from the provided context' and 'say so' if information is missing.
Audit Metadata