ai-rag-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  - Ingestion points: Untrusted external data from search results (e.g., from Tavily or Exa) is ingested in SKILL.md examples.
  - Boundary markers: Lacks robust delimiters or instructions to ignore embedded commands, relying on simple text headers like 'Search Results:'.
  - Capability inventory: Authorized command execution via the infsh CLI as defined in the skill's allowed-tools configuration.
  - Sanitization: No sanitization or escaping is performed on retrieved web content before it is interpolated into subsequent language model prompts.
- [EXTERNAL_DOWNLOADS]: The skill provides links to installation scripts and additional toolkits hosted on the author's official GitHub repository.
- [COMMAND_EXECUTION]: Uses the infsh command-line interface to orchestrate research tasks, search operations, and model invocations. This usage is explicitly restricted and authorized by the skill's execution environment configuration.
Audit Metadata