rag-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill implements a RAG architecture which creates an attack surface where malicious instructions embedded in ingested documents could influence the agent during retrieval.
- Ingestion points: The `ingest` tool in `mcp/servers/rag-server/server.py` accepts and processes arbitrary string content from the user or external files.
- Boundary markers: None. The template does not include implementation for instruction delimiters or specific guidance to the LLM to ignore commands found within retrieved content.
- Capability inventory: The server performs vector database operations (upsert and search) and handles embedding generation using standard libraries.
- Sanitization: No validation or sanitization is performed on the content before it is stored or retrieved.
Audit Metadata