rag-wrapper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill defines a workflow vulnerable to Indirect Prompt Injection (Category 8).
  * Ingestion points: Untrusted data is retrieved from Qdrant using the qdrant-find tool in SKILL.md.
  * Boundary markers: The prompt template uses Markdown headers and horizontal rules as delimiters, which can be bypassed by malicious content.
  * Capability inventory: The skill delegates tasks to a target-agent, which may have sensitive capabilities that could be abused by instructions hidden in the retrieved context.
  * Sanitization: No sanitization or escaping of the database content is described or implemented before interpolation into the prompt template.
- [NO_CODE] (SAFE): The skill consists exclusively of Markdown documentation and prompt patterns; no executable scripts, binaries, or package manifests were detected.