ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests broad execution permissions via allowed-tools: Bash(infsh *). While this is consistent with the vendor's intended use of the infsh CLI to manage apps and models, it grants the agent permission to run any subcommand under the infsh tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection where malicious instructions embedded in web pages or search results could influence the agent's behavior.
  • Ingestion points: Untrusted data enters the context via the tavily/search-assistant, exa/search, and tavily/extract tools which fetch live content from the internet.
  • Boundary markers: The templates use weak or absent boundary markers (e.g., simple headers like 'Search Results: $SEARCH_RESULT') which do not reliably prevent an LLM from following instructions contained within the variable content.
  • Capability inventory: The skill uses infsh app run across various scripts to interact with external LLM providers and search APIs.
  • Sanitization: There is no evidence of escaping, filtering, or validation performed on the retrieved content before it is interpolated into model prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 05:19 PM