similarity-search-patterns

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: Potential SQL injection vulnerability in the PgVectorStore.search method within resources/implementation-playbook.md. The implementation constructs SQL queries by directly interpolating dictionary keys from the filter_metadata parameter into the query string (metadata->>'{key}'). If these keys are sourced from untrusted user input, an attacker could manipulate the query logic to bypass filters or access unintended data.
  • [EXTERNAL_DOWNLOADS]: The skill downloads semantic search model weights from Hugging Face (cross-encoder/ms-marco-MiniLM-L-6-v2) via the sentence-transformers library in resources/implementation-playbook.md. This is a routine operation for search tasks using well-known services.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 06:51 AM