vdb-ingest
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute administrative Python scripts and manage the local database server. It invokes 'init.py' for first-time setup, starts the 'chroma' server on 127.0.0.1:8110, and runs 'ingest.py' to process repository files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes and indexes untrusted repository content for later retrieval by the agent.
  - Ingestion points: Files within the repository are processed using 'ingest.py' as described in SKILL.md.
  - Boundary markers: The skill lacks instructions or delimiters that would make the agent ignore indexed content or treat it as untrusted data.
  - Capability inventory: The skill has access to Bash, Read, and Write tools, which could be exploited if an agent obeys instructions retrieved from the vector store.
  - Sanitization: There is no evidence of content sanitization or instruction filtering during the ingestion pipeline.