ai-rag-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core RAG functionality.
  - Ingestion points: External data is fetched from the web using tools such as tavily/search-assistant, exa/search, and tavily/extract, as documented in SKILL.md.
  - Boundary markers: The provided examples lack explicit delimiters (e.g., XML tags) or system instructions to ignore instructions embedded within the retrieved search results, which could allow malicious content to influence agent behavior.
  - Capability inventory: The skill is configured with Bash(infsh *) permissions in SKILL.md, which provides a surface for command execution if the agent is manipulated by injected content.
  - Sanitization: Web content is interpolated directly into shell variables and JSON payloads for LLMs without evidence of filtering or escaping mechanisms.
- [COMMAND_EXECUTION]: The skill defines a requirement for the Bash tool, restricted to the infsh command namespace, to facilitate interaction with AI applications and search engines.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of additional tools and configuration from the author's official repository using npx skills add inference-sh/skills@agent-tools.
Audit Metadata