Skills
skills/omidzamani/dspy-skills/dspy-rag-pipeline/Gen Agent Trust Hub

dspy-rag-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection through its retrieval mechanism.
  • Ingestion points: Data enters the agent context via the self.retrieve call in ProductionRAG and MultiHopRAG classes within SKILL.md.
  • Boundary markers: Absent; the GenerateAnswer signature does not implement delimiters or 'ignore' instructions to isolate retrieved context from system instructions.
  • Capability inventory: The agent has Write and Read permissions, which could be exploited to manipulate files (e.g., rag_optimized.json) if the agent follows instructions hidden in retrieved data.
  • Sanitization: Absent; retrieved text is passed directly to the model without validation.
  • DATA_EXFILTRATION (LOW): The skill hardcodes a connection to a non-whitelisted external IP address (20.102.90.50) over unencrypted HTTP. While used for legitimate tutorials, this pattern is insecure for production data retrieval.
  • EXTERNAL_DOWNLOADS (SAFE): The automated scan alert for 'logger.info' is a false positive caused by a parsing error; it refers to the standard Python logging library, not a malicious URL.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:17 PM