skills/lobbi-docs/claude/vectordb/Gen Agent Trust Hub

vectordb

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill implements a RAG pipeline that is susceptible to indirect prompt injection if the data stored in the vector database contains malicious instructions.
      • Ingestion points: The RAGService.query method retrieves document content (doc.content) from a vector store and injects it into the prompt.
      • Boundary markers: The prompt template in RAGService.query uses simple labels ("Context:", "Question:") but lacks strong delimiters (like XML tags or multi-character separators) or instructions to ignore embedded commands within the context.
      • Capability inventory: The skill metadata explicitly allows Bash, Read, Write, Edit, and Grep tools, which could be leveraged if an LLM is manipulated via injected context.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved doc.content before it is interpolated into the LLM prompt.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:18 PM