local-rag-search
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The README instructions recommend installing the mcp-local-rag prerequisite server from an untrusted GitHub repository (nkapila6/mcp-local-rag) using the uvx command. This pattern involves downloading and executing code from an unverified external source during environment setup.
- PROMPT_INJECTION (LOW): The skill provides a high surface area for Indirect Prompt Injection (Category 8) as it is designed to ingest and process arbitrary web content. Evidence chain:
  - Ingestion points: Data retrieved from DuckDuckGo, Google, and other search backends via tools like rag_search_google and deep_research in SKILL.md.
  - Boundary markers: Absent; there are no instructions for the agent to use delimiters or to disregard instructions found within the retrieved search results.
  - Capability inventory: Primarily data retrieval and synthesis (LOW tier capability), though it influences agent reasoning and downstream responses.
  - Sanitization: Absent; the skill does not include logic or instructions to filter or escape malicious instructions embedded in web pages.
Audit Metadata