pgvector
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill contains 'Quick Reference' patterns (1-8) that instruct the agent to execute shell commands in local subdirectories (e.g., `examples/openai`, `examples/loading`). This includes running interpreters and compiled binaries (`dart run`, `dub run`, `sbcl`, `mix run`, `crystal`, `dotnet run`, and `build/example`).
- [EXTERNAL_DOWNLOADS] (MEDIUM): Several patterns instruct the agent to fetch external packages from public registries using commands like `dart pub get` and `mix deps.get`. These downloads occur at runtime and represent a dependency chain risk.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill's workflow encourages downloading dependencies and immediately executing code that utilizes them. If the skill's example files or their dependencies are malicious, this leads to remote code execution.
- [DYNAMIC_EXECUTION] (MEDIUM): Patterns 2 and 5 utilize `cmake` to perform runtime compilation of source code followed by the execution of the resulting binary (`build/example`).
Audit Metadata