AgentDB Vector Search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill uses npx agentdb@latest to download and run code from an untrusted NPM package at runtime.
  • [REMOTE_CODE_EXECUTION] (HIGH): Executing unpinned remote packages from an untrusted organization (ruvnet) via npx presents a significant code execution risk.
  • [PROMPT_INJECTION] (HIGH): The RAG implementation in SKILL.md is vulnerable to indirect prompt injection. Ingestion point: db.searchSimilar retrieves untrusted context. Boundary markers: absent in prompt construction. Capability inventory: filesystem write access and CLI command execution. Sanitization: none applied to retrieved data before it is interpolated into the prompt.
  • [COMMAND_EXECUTION] (MEDIUM): The skill triggers CLI-based database operations (init, query, import, stats) through the unverified agentdb package.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:30 AM