skills/itechmeat/llm-code/zvec/Gen Agent Trust Hub

zvec

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill acts as documentation for the legitimate Zvec project. All provided code examples and administrative instructions (such as collection destruction) are consistent with the documented functionality of the library for local vector storage and retrieval.
  • [EXTERNAL_DOWNLOADS]: The skill mentions the installation of the 'zvec' package via official package managers (pip and npm). It also notes that pre-trained AI models for embedding and reranking are automatically downloaded upon first use, which is a standard feature for local machine learning libraries from reputable vendors.
  • [PROMPT_INJECTION]: The skill documents an interface that processes untrusted external data, creating a surface for indirect prompt injection.
    • Ingestion points: Documents enter the system through 'insert' and 'upsert' operations in 'references/data-operations.md'.
    • Boundary markers: None are specified; the library treats metadata and text fields as data objects.
    • Capability inventory: The library supports powerful operations including directory-level deletion ('collection.destroy') and filtered data removal ('collection.delete_by_filter') as documented in 'references/collections.md' and 'references/data-operations.md'.
    • Sanitization: Input validation or sanitization strategies are not covered in the library's basic documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 12:42 AM