hybrid-retrieval
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists of educational documentation and Python code snippets for semantic and keyword search fusion.
- [Category 1: Prompt Injection]: No malicious instructions or overrides were found in the skill body or metadata.
- [Category 2: Data Exposure]: No sensitive file access or hardcoded credentials detected. Placeholder keys (e.g., 'api_key="..."') are used appropriately for demonstration.
- [Category 3: Obfuscation]: No encoded commands, zero-width characters, or homoglyphs are present.
- [Category 4 & 10: Code Execution]: The code snippets use reputable libraries (LangChain, Pinecone, Weaviate) for their intended purpose. There is no evidence of remote script execution or unsafe dynamic execution.
- [Category 8: Indirect Prompt Injection]: While the skill defines a retrieval surface that processes user queries, it does not implement a full agent loop or execute instructions found in retrieved content, and it lacks the exploitable capabilities required for this risk to manifest within the skill's scope.
Audit Metadata