vector-search
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's retrieval-first strategy creates an indirect prompt injection surface.
- Ingestion points: External data is ingested through the index.query tool in packages/core/src/vector/context.ts.
- Boundary markers: The implementation does not include specific delimiters or instructions for the retrieved data.
- Capability inventory: The agent is granted high-privilege tool access (Bash, Write, Edit).
- Sanitization: PII is redacted, but the appId parameter is interpolated directly into query filters without escaping.
Audit Metadata