rlama

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses subprocess.run and subprocess.Popen across multiple scripts (rlama_manage.py, rlama_query.py, rlama_resilient.py, etc.) to interface with the rlama CLI and ollama service.
  • [DATA_EXFILTRATION]: In scripts/rlama_retrieve.py, the synthesize function allows document chunks to be sent to external providers like OpenRouter and TogetherAI. This presents a data exposure risk as local knowledge base content is transmitted to cloud services.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its document ingestion and RAG pipeline. It reads arbitrary files and feeds them into LLM prompts without sanitization.
    • Ingestion points: Local files via rlama_resilient.py and rlama_batch_ingest.py.
    • Boundary markers: Limited use of system prompt structure in rlama_retrieve.py without strong delimiters.
    • Capability inventory: Execution of CLI tools and filesystem management (shutil.rmtree).
    • Sanitization: No content filtering is applied prior to LLM processing.
  • [EXTERNAL_DOWNLOADS]: Scripts make network requests to external APIs for LLM synthesis and embedding, including openrouter.ai and together.xyz.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 2, 2026, 09:44 PM