rag-pipeline-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to build systems that ingest untrusted external data, creating a significant attack surface for indirect prompt injection.
- Ingestion points: The logic in
SKILL.mdusesdocument.textas the primary data source for chunking and vector storage. - Boundary markers: Absent. The templates do not demonstrate the use of XML tags, delimiters, or system instructions to encapsulate retrieved context.
- Capability inventory: The resulting pipeline is intended to drive the generation phase of an AI assistant, meaning malicious instructions in a document could hijack the assistant's behavior.
- Sanitization: Absent. There is no validation or filtering logic provided for data entering the vector store or being retrieved for the LLM context.
- External Dependencies (LOW): The skill's code examples rely on several external Python libraries which would need to be installed in a runtime environment.
- Evidence: Code snippets reference
langchain,pinecone-client, andsentence-transformers. - Credentials Safety (INFO): The code includes placeholders for API keys.
- Evidence:
pinecone.init(api_key="...", environment="...")inSKILL.md. While safe as a placeholder, it highlights the requirement for sensitive credentials in the resulting implementation.
Recommendations
- AI detected serious security threats
Audit Metadata