typesense
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The
generate_schema_context.jsscript retrieves sample data (facet values) from the Typesense database to construct an LLM prompt context. If the database contains malicious instructions, they could influence the agent's behavior when it processes the schema. - Ingestion points:
generate_schema_context.jsfetches data from the Typesense server via the API. - Boundary markers: Absent. The workflow in
SKILL.mdlacks delimiters or specific instructions for the agent to disregard instructions within the schema context. - Capability inventory: Subprocess execution of Node.js scripts and
curlcommands inimport_documents.sh. - Sanitization: Absent. Facet values are joined into a string and inserted directly into the prompt without escaping or validation.
- Command Execution (SAFE): The included scripts (
search.js,create_collection.js,import_documents.sh) perform standard database operations using the official Typesense client orcurl. No unsafe execution of dynamic code from untrusted sources was detected.
Audit Metadata