ai-rag-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the infsh CLI, enabling operations such as logging in and running application-specific tasks for search and analysis.
- [EXTERNAL_DOWNLOADS]: The skill references and integrates third-party AI models and search providers via the inference.sh platform, and provides links to external documentation and installation scripts.
- [DATA_EXFILTRATION]: The skill's primary function involves sending queries and retrieved context to external LLM providers (via OpenRouter) and search engines (Tavily, Exa), which is standard behavior for a RAG pipeline.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) because it retrieves untrusted data from the web and interpolates it directly into LLM prompts. Ingestion point: output from search tools (tavily/search-assistant, exa/search). Boundary markers: Absent (uses text headers like 'Search Results' instead of strict delimiters). Capability inventory: the agent has access to the Bash tool. Sanitization: Absent.
Audit Metadata