multimodal-rag

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect prompt injection via untrusted external files.
  • Ingestion points: Functions extract_document_elements and extract_tables in references/multimodal-chunking.md parse PDF files. embed_image in references/clip-embeddings.md processes image files.
  • Boundary markers: Absent. Extracted content is placed into DocumentChunk objects without delimiters or instructions to ignore embedded commands.
  • Capability inventory: Network operations via voyageai and Milvus; VLM interaction via analyze_image_claude.
  • Sanitization: Absent. Extracted data is passed directly to prompts in detect_chart_type without validation.
  • [External Downloads] (LOW): Downloads models from Hugging Face.
  • Evidence: CLIPModel.from_pretrained and AutoModel.from_pretrained.
  • Trust Status: Hugging Face is a trusted source; finding downgraded to LOW per [TRUST-SCOPE-RULE].
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:00 AM