ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: the skill ingests untrusted data from web search tools such as Tavily and Exa into shell variables such as $SEARCH, $TAVILY, and $EXA. Boundary markers: no delimiters are placed around the retrieved content, and the model is given no instruction to ignore commands embedded in it. Capability inventory: the agent can run LLM inference and search operations through the infsh CLI across various models. Sanitization: there is no evidence that the retrieved content is validated or escaped before it is interpolated into the prompt.
  • [COMMAND_EXECUTION]: The Bash script examples interpolate shell variables directly into double-quoted JSON strings that are passed as input to the infsh CLI. If the external search results contain special characters such as double quotes or backticks, this can cause JSON parsing errors or unintended shell expansion, though execution is restricted to the infsh command as defined in allowed-tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:26 AM