rag
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
- Ingestion points: Untrusted content is ingested into the knowledge base through methods like add_document and add_file as seen in rag.py and SKILL.md.
- Boundary markers: The context_template in rag.py provides minimal separation between context and user queries, lacking robust delimiters.
- Capability inventory: Metadata in SKILL.md authorizes the use of system tools such as Bash, Read, Write, and Grep, which could be targeted by an injection attack.
- Sanitization: The implementation in rag.py does not include any sanitization or filtering of the retrieved content before it is passed to the LLM.
Audit Metadata