chunking-strategies
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): This skill processes untrusted external text documents, serving as a potential entry point for indirect prompt injection attacks.
  1. Ingestion points: Input files are read in scripts/chunk-fixed-size.py, scripts/chunk-recursive.py, and scripts/chunk-semantic.py.
  2. Boundary markers: Absent; chunks are not delimited or tagged to prevent instruction override in downstream RAG tasks.
  3. Capability inventory: Restricted to local file system read/write (open). No network access, subprocess calls, or dynamic execution (eval/exec) detected.
  4. Sanitization: No sanitization of input content is performed.
- [External Downloads] (INFO): The README.md recommends optional dependencies including nltk, pypdf, numpy, and pandas. These are standard packages from the PyPI registry and are appropriate for the stated purpose.
- [No Code] (LOW): The documentation (README.md and SKILL_SUMMARY.md) references several scripts and an examples directory (e.g., benchmark-chunking.py, examples/chunk-pdf.py) that are not included in the provided file set.
Audit Metadata