knowledge
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `ingest_document` tool in `scripts/graph.py` supports downloading files from remote URLs (such as arXiv research papers) using `urllib.request.urlretrieve`. The downloaded content is stored in the project's local data directory for RAG processing.
- [COMMAND_EXECUTION]: The skill executes the `ripgrep` (`rg`) search utility using `subprocess.Popen` in `scripts/best_practices.py` and `scripts/search/keyword.py` to efficiently scan markdown and code files within the project root.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes and retrieves content from untrusted external sources (Category 8).
  - Ingestion points: Untrusted data enters the context via `ingest_document` (from URLs or local files), `update_knowledge_base`, and `create_knowledge_entry`.
  - Boundary markers: No specialized delimiters or 'ignore internal instructions' markers are applied to retrieved knowledge before it is provided as context to the agent.
  - Capability inventory: The skill has access to network operations (downloads), file system operations (read/write in project data), and local command execution (ripgrep).
  - Sanitization: No sanitization, content filtering, or validation is performed on the ingested text or document content.
Audit Metadata