chroma
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill documents RAG patterns which ingest and retrieve untrusted document data.
- Ingestion points: Data enters via
collection.addandcollection.queryinSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are demonstrated in the snippets.
- Capability inventory: Documentation includes local file system persistence (
PersistentClient) and local network server connections (HttpClient) inSKILL.md. - Sanitization: No input sanitization is present in the basic documentation examples.
- Credentials Safety (SAFE): The code snippets use safe placeholders like 'your-key' for OpenAI and HuggingFace API keys.
- External Downloads (SAFE): The skill references standard, trusted packages (chromadb, sentence-transformers, langchain) from official registries.
Audit Metadata