NYC

rag-agent-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The implementation in examples/agentic_rag.py and examples/basic_rag.py interpolates external data directly into LLM prompts using f-strings (e.g., decision_prompt on line 53 and answer_prompt on line 193 of agentic_rag.py). This creates a vulnerability where malicious instructions within retrieved documents could override the agent's behavior.
  • Indirect Prompt Injection (LOW): Mandatory Evidence Chain:
    1. Ingestion points: query and context parameters in agentic_rag.py and basic_rag.py.
    2. Boundary markers: Absent; retrieved context chunks are joined with simple double newlines.
    3. Capability inventory: The skill is limited to vector database queries and LLM generation; no high-privilege capabilities like subprocess.run, eval(), or file system writes were found.
    4. Sanitization: No escaping, filtering, or structured validation is applied to the retrieved text before it is inserted into the final prompt.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:40 PM