rag
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an architectural pattern for Retrieval-Augmented Generation (RAG), which is vulnerable to indirect prompt injection.
- Ingestion points: Document loading functions in 'SKILL.md' and 'assets/retriever-pipeline.java' ingest data from the file system into the agent context.
- Boundary markers: The provided implementation examples lack explicit delimiters to isolate untrusted document content from system instructions.
- Capability inventory: The skill leverages 'Read', 'Write', and 'Bash' tools, which could be misused if the agent inadvertently follows malicious instructions embedded in retrieved text chunks.
- Sanitization: The implementation code lacks content validation or sanitization logic for the data retrieved from external sources.
Audit Metadata