skills/vm0-ai/vm0-skills/qdrant/Gen Agent Trust Hub

qdrant

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill retrieves payloads from a Qdrant database, creating a surface for indirect prompt injection where stored data could potentially manipulate agent behavior.
      • Ingestion points: Data retrieved via curl from Qdrant REST API endpoints (e.g., /collections/my_collection/points/query) in SKILL.md.
      • Boundary markers: Absent; the skill does not instruct the agent to use specific delimiters or ignore instructions within retrieved payloads in SKILL.md.
      • Capability inventory: Execution of shell commands via bash -c and network requests via curl in SKILL.md.
      • Sanitization: Absent; no validation or escaping of the retrieved data is mentioned in SKILL.md.
  • [Command Execution] (SAFE): The skill uses bash and curl for its primary purpose of interacting with the Qdrant API. Commands are constructed using environment variables QDRANT_URL and QDRANT_API_KEY, which is a standard and expected practice for this type of utility.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM