upstash-vector-db-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exposes an Indirect Prompt Injection surface (Category 8) through its RAG (Retrieval Augmented Generation) implementation examples. 1. Ingestion points: Document metadata and text retrieved via
index.queryin the RAG and Vercel Function examples. 2. Boundary markers: Absent; the example code joins metadata directly into a context string for the LLM without using delimiters or protective instructions. 3. Capability inventory: The skill has database write/delete capabilities viaindex.upsert,index.delete, andindex.reset. 4. Sanitization: No sanitization of retrieved database content is demonstrated before it is passed to the LLM. - [EXTERNAL_DOWNLOADS] (SAFE): The skill installs the
@upstash/vectorpackage. This is an official SDK from a trusted organization (Upstash), qualifying for a downgraded severity under the TRUST-SCOPE-RULE. - [CREDENTIALS_UNSAFE] (SAFE): API credentials like
UPSTASH_VECTOR_REST_TOKENare managed correctly through environment variables and placeholders. No hardcoded secrets were detected.
Audit Metadata