raglite
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's operations are consistent with its stated purpose of providing local-first RAG capabilities.
- [EXTERNAL_DOWNLOADS]: The skill installs the 'raglite' Python package, which is the core library required for its functionality and aligns with the skill name.
- [DATA_EXFILTRATION]: The skill accesses local documents and creates a database at '~/Documents/xiaodazi/raglite.db'. These operations are limited to the local filesystem and do not include network exfiltration.
- [PROMPT_INJECTION]: The skill processes external documents (PDF, Markdown), creating a surface for indirect prompt injection. 1. Ingestion points: 'insert_document' function for local files. 2. Boundary markers: None specified. 3. Capability inventory: Local file reading and RAG-based answer generation via 'rag' function. 4. Sanitization: No content validation or sanitization of ingested documents is performed.
Audit Metadata