weaviate
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized data access detected. The skill follows best practices by using environment variables for API keys and referencing official client libraries.
- [COMMAND_EXECUTION]: Includes standard instructions for setting up the database environment using `docker compose` and installing dependencies via `npm` and `pip`.
- [EXTERNAL_DOWNLOADS]: References official Docker images from the Weaviate container registry and verified client libraries from npm and PyPI.
- [PROMPT_INJECTION]: The skill demonstrates Retrieval-Augmented Generation (RAG) capabilities, which involve interpolating indexed data into LLM prompts. This creates a surface for indirect prompt injection if the indexed content is untrusted.
  - Ingestion points: `import.js` (data objects imported into the 'Article' collection).
  - Boundary markers: Absent in the example snippets.
  - Capability inventory: File system access (backups), Docker management, and REST API operations.
  - Sanitization: Not explicitly shown in the example code.
Audit Metadata