rag-cli-operator

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE

Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides instructions to store sensitive API keys (e.g., POE_API_KEY, OPENAI_API_KEY) as machine-level environment variables via PowerShell. This practice exposes credentials to all users and processes on the operating system and encourages unnecessary privilege escalation.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via the uv tool to perform workspace initialization, document ingestion, and querying.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its document processing workflow.
      ◦ Ingestion points: External document content is ingested from local paths provided via the --src argument in SKILL.md.
      ◦ Boundary markers: The skill does not implement or mention the use of delimiters or specific instructions to isolate untrusted document content from agent instructions.
      ◦ Capability inventory: The skill allows for command execution (uv run rag-cli) and querying of the ingested data using an LLM.
      ◦ Sanitization: No sanitization, validation, or filtering of the content within the ingested documents is documented or implemented.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 03:18 PM