raglite
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'raglite' Python package from PyPI to facilitate document indexing and retrieval.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present due to the ingestion and processing of external documents.
- Ingestion points: External documents such as 'report.pdf' are ingested via the 'insert_document' function in SKILL.md.
- Boundary markers: The provided implementation does not include explicit boundary markers or instructions to prevent the model from following commands contained within the retrieved text.
- Capability inventory: The skill as defined in SKILL.md possesses the capability to read local files and write to a local database at '~/Documents/xiaodazi/raglite.db'.
- Sanitization: There is no evidence of sanitization or filtering of document content before it is processed by the RAG system.
Audit Metadata