NYC

llamaindex

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill implements patterns for ingesting untrusted data from various external sources which are then interpolated into LLM prompts.
      • Ingestion points: Use of SimpleWebPageReader, GithubRepositoryReader, and PDFReader in references/data_connectors.md to pull content from external URLs and files.
      • Boundary markers: The PromptTemplate in references/query_engines.md uses dashed delimiters (---------------------) to separate context from instructions, which provides some structural separation but is not a security guarantee.
      • Capability inventory: The agents and query engines use LLMs (OpenAI) to process data and can execute tools like a calculator (multiply function).
      • Sanitization: No explicit sanitization, HTML stripping, or content filtering is shown before data is passed to the model.
  • External Dependencies (SAFE): The documentation refers to official LlamaIndex reader packages and models.
      • Evidence: pip install llama-index-readers-notion in references/data_connectors.md refers to a standard community-supported package.
      • Evidence: SentenceTransformerRerank in references/query_engines.md downloads models from Hugging Face.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:01 PM