chroma

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill is designed to ingest and query external documents for RAG applications, creating a significant Indirect Prompt Injection surface.
    • Ingestion points: Untrusted data enters via collection.add(documents=...) and collection.query(query_texts=...) in SKILL.md.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
    • Capability inventory: The skill utilizes HttpClient for network communication and PersistentClient for file system persistence.
    • Sanitization: No sanitization, escaping, or validation of document content is demonstrated.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill specifies dependencies without version pinning, which can lead to the installation of unverifiable or malicious package versions.
    • Evidence: YAML frontmatter lists chromadb and sentence-transformers without version constraints.
  • COMMAND_EXECUTION (LOW): The skill provides instructions for the agent or user to execute commands locally.
    • Evidence: Documentation includes shell commands for installation (pip install, npm install) and server operations (chroma run).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 06:57 AM