AgentDB Vector Search

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions frequently use npx agentdb@latest for database operations, MCP setup, and benchmarking.
      • Evidence: Commands such as npx agentdb@latest init ./vectors.db and npx agentdb@latest mcp are used throughout the skill.
      • Risk: Using @latest with npx downloads and executes code from the npm registry without version pinning. Since the package author/organization (ruvnet) is not on the trusted list, this poses a supply chain risk if the package were compromised.
  • PROMPT_INJECTION (LOW): The skill is explicitly designed for Retrieval-Augmented Generation (RAG), creating a surface for indirect prompt injection.
      • Ingestion points: Untrusted data is ingested into the database via storeWithEmbedding or CLI import commands (found in SKILL.md).
      • Boundary markers: The ragQuery example shows context being directly interpolated into a prompt string (Context: ${context.map(c => c.text).join('\n')}) without any delimiters or 'ignore' instructions.
      • Capability inventory: The skill enables the agent to fetch stored documents and pass them to llm.generate() for response synthesis.
      • Sanitization: No sanitization or validation of the retrieved content is performed before it is presented to the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:16 PM