rag-enhancement

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected. The skill's primary function involves ingesting and processing untrusted data which could contain malicious instructions targeting the LLM.
    • Ingestion points: Data is pulled via memory_query, memory_search, memory_functions, memory_similar, and memory_sessions.
    • Boundary markers: Absent. The skill does not define specific delimiters or instructions to treat retrieved context as data rather than instructions.
    • Capability inventory: The skill uses a suite of memory tools and a local_ask function for generation. While these are retrieval-focused, they allow retrieved content to influence the final prompt directly.
    • Sanitization: Absent. No logic is provided to sanitize or escape content retrieved from the database or source files.
  • [DATA_EXFILTRATION] (SAFE): The skill accesses sensitive technical information including database schemas and architectural decisions. However, this access is aligned with the skill's stated primary purpose of RAG enhancement and no external network exfiltration patterns were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 03:51 PM