opensearch-launchpad

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes uvx to download and execute duckduckgo-mcp-server and opensearch-mcp-server-py@latest. It also installs the docling library for document processing. These sources are considered legitimate or vendor-owned resources from the opensearch-project.
  • [COMMAND_EXECUTION]: Local scripts scripts/start_opensearch.sh and scripts/opensearch_ops.py are executed to manage OpenSearch cluster lifecycle and search operations.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process untrusted documents (PDF, DOCX, etc.) via Docling to be used in a RAG pipeline with an agentic search LLM.
      • Ingestion points: Document content is ingested in Phase 1 as described in SKILL.md and document_processing_guide.md.
      • Boundary markers: No delimiters around document content, and no instructions telling the agent to ignore instructions embedded in the documents, were found.
      • Capability inventory: The LLM-powered search agent can access tools for query planning and web search as documented in agentic_search_guide.md.
      • Sanitization: Document content is processed and indexed without specific filtering for malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 06:20 PM