ai-rag-pipeline
Fail
Audited by Socket on Feb 25, 2026
1 alert found:
Malware (HIGH): SKILL.md
The skill’s described capabilities (RAG pipelines with external tools) align with its stated purpose, but the install pattern (curl|sh from a remote host) is a known security risk and should be replaced with a pinned, verifiable installation process. Data flows involve external services, which is expected for RAG but requires explicit consent, data governance, and minimal-privilege design. Overall, the footprint is plausible for the intended purpose but elevates security risk due to the unsigned remote install and broad external calls; treat as suspicious until a verifiable, auditable install and explicit data-handling policies are provided.
Confidence: 95%
Severity: 90%
Audit Metadata