AgentDB Vector Search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation repeatedly uses 'npx agentdb@latest', which downloads and executes code from the npm registry. The 'agentdb' package and its associated organization 'ruvnet' are not on the trusted sources list.
- REMOTE_CODE_EXECUTION (MEDIUM): The use of 'npx agentdb@latest' for CLI tasks and MCP server integration involves executing remote code in the local environment.
- COMMAND_EXECUTION (LOW): The skill provides numerous shell commands for managing local vector database files, including initialization, querying, and stats generation.
- PROMPT_INJECTION (LOW): Category 8: An indirect prompt injection surface is present in the RAG implementation example. 1. Ingestion points: Untrusted data enters via the 'question' parameter and retrieved 'context' from the vector database (SKILL.md line 144). 2. Boundary markers: Absent; the prompt uses simple string concatenation (SKILL.md line 151). 3. Capability inventory: The skill constructs prompts for LLM generation. 4. Sanitization: No input validation or escaping is present.
Audit Metadata