faiss
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The LangChain integration example in SKILL.md uses 'allow_dangerous_deserialization=True'. This parameter enables the use of the pickle module for loading index data, which can result in arbitrary code execution if the source index file is malicious.
- [INDIRECT_PROMPT_INJECTION]: The skill documentation facilitates the ingestion of external vector data which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: faiss.read_index and FAISS.load_local (SKILL.md).
- Boundary markers: Absent; there are no instructions provided to treat loaded vector data as untrusted or to wrap it in specific delimiters.
- Capability inventory: File system read and write capabilities via faiss.write_index, faiss.read_index, save_local, and load_local (SKILL.md).
- Sanitization: Absent; the skill lacks validation or sanitization logic for data loaded from external index files.
- [METADATA_POISONING]: The author name specified in the SKILL.md metadata ('Orchestra Research') differs from the provided author context ('L-yifan'), which is a form of deceptive metadata.
Audit Metadata