ai-rag-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
infshcommand-line tool via bash to run AI models and search engines. - Evidence: Frequent use of
infsh app runcommands throughout the SKILL.md examples. - Evidence: Use of shell variable interpolation (e.g.,
"$SEARCH_RESULT") to pass data from one command to another, which can lead to command injection or JSON parsing errors if the variable content contains shell metacharacters or unbalanced quotes. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from web searches and interpolates it directly into LLM prompts, creating a surface for indirect prompt injection.
- Ingestion points: Search results from Tavily and Exa are stored in variables and then inserted into subsequent model prompts in
SKILL.md. - Boundary markers: Absent. There are no delimiters or specific instructions for the AI to ignore instructions embedded within the retrieved context.
- Capability inventory: The agent can execute shell commands via
infshand access external APIs. - Sanitization: Absent. External content is used raw as retrieved from the search tools.
- [EXTERNAL_DOWNLOADS]: The skill points users toward external resources for installation and dependency management.
- Evidence: Mentions an installation guide for the CLI hosted at
https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md. - Evidence: Encourages the use of
npx skills addto install additional components from the vendor's repository.
Audit Metadata