rag-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The configuration file assets/vector-store-config.yaml contains environment variable placeholders and example API key fields (e.g., 'your-openai-api-key-here'). No actual secrets or credentials are hardcoded.
- [Indirect Prompt Injection] (SAFE): While the documentation describes RAG architectures that ingest external documents (an inherent attack surface for indirect prompt injection), the skill itself does not implement or deploy these systems, nor does it provide scripts that handle untrusted data. The risk is purely architectural and typical for the technology described.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Code snippets provided in the markdown files are for illustrative purposes and use standard, well-known libraries like LangChain and Sentence Transformers. No automated installation or remote script execution is present.
Audit Metadata