pgvector-search
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill implements its database interaction through SQLAlchemy. Every SQL and Python snippet it provides passes user-controlled values as bound parameters (e.g., :query, :query_embedding) rather than interpolating them into the statement text, which is the standard defense against SQL injection: the value travels to the driver separately from the SQL and is never parsed as SQL.
- [INDIRECT_PROMPT_INJECTION] (LOW): The search service ingests user-provided text as the query. The skill handles the query itself safely, but the search results are the indexed chunks, and those come from whatever documents were ingested, so the output can carry text from untrusted sources. This is a standard architectural risk for retrieval systems; a consumer should treat returned chunks as data rather than as instructions, which is how this implementation handles them.
- [EXTERNAL_DOWNLOADS] (INFO): The documentation suggests installing the uuid-utils package for certain Python versions. It is a common utility package installed by the user through the normal package manager; the skill does not fetch it at runtime, so this is not an automated or untrusted download.
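The difference the COMMAND_EXECUTION finding rests on, shown as an added example that is not the skill's own code: the same search written once with string formatting and once with a bound parameter, run against an in-memory SQLite table because pgvector and Postgres are not available offline (the binding behaviour is the same in SQLAlchemy against Postgres). The Postgres-form statement with its :query_embedding placeholder is included as a constant for reference only. The table contents, the payload, and the helper names (make_db, search_unsafe, search_safe, vector_literal) are all constructed for this illustration.

```python
import math
import sqlite3
from typing import Sequence

# Constructed sample corpus standing in for the indexed chunks of a retrieval service.
CHUNKS = [
    (1, "postgres connection pooling notes"),
    (2, "pgvector HNSW index tuning"),
    (3, "internal: rotate the db password monthly"),
]

# Reference only (not executed here): the shape of a pgvector nearest-neighbour
# query with both user-controlled values bound by name, as SQLAlchemy's text()
# would send it. CAST(... AS vector) accepts the '[x,y,z]' literal produced by
# vector_literal() below.
PGVECTOR_SQL = (
    "SELECT id, content FROM chunks "
    "ORDER BY embedding <=> CAST(:query_embedding AS vector) "
    "LIMIT :k"
)


def make_db() -> sqlite3.Connection:
    """Build the in-memory table used by both search variants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE chunks (id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany("INSERT INTO chunks VALUES (?, ?)", CHUNKS)
    return conn


def search_unsafe(conn: sqlite3.Connection, query: str) -> list[int]:
    """Vulnerable form: the user's text becomes part of the SQL statement itself."""
    sql = f"SELECT id FROM chunks WHERE content LIKE '%{query}%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, query: str) -> list[int]:
    """Hardened form: the value is bound by name and delivered to the driver
    separately, so quotes or comment markers in it are matched as plain text."""
    sql = "SELECT id FROM chunks WHERE content LIKE '%' || :query || '%' ORDER BY id"
    return [row[0] for row in conn.execute(sql, {"query": query})]


def vector_literal(embedding: Sequence[float]) -> str:
    """Render an embedding as the '[x,y,z]' literal pgvector parses.

    The result is meant to be bound as :query_embedding, never concatenated into
    the statement. Each element must be a finite number, so a string such as
    '2;DROP' or a NaN smuggled into the vector is rejected here rather than
    reaching the database.
    """
    values = []
    for x in embedding:
        f = float(x)  # raises ValueError for non-numeric input
        if not math.isfinite(f):
            raise ValueError(f"non-finite embedding element: {x!r}")
        values.append(f)
    if not values:
        raise ValueError("embedding must not be empty")
    return "[" + ",".join(repr(f) for f in values) + "]"


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR 1=1 --"  # constructed injection payload
    print("unsafe, payload:", search_unsafe(conn, payload))  # every row
    print("safe, payload:  ", search_safe(conn, payload))    # nothing
    print("bound embedding:", vector_literal([0.1, 0.2, 1]))
```

With the payload, the formatted statement reads `... LIKE '%' OR 1=1 --%'`, so the predicate is always true and the third, sensitive row leaks; the bound version searches for the literal text `' OR 1=1 --` and returns nothing. Bind the embedding the same way: build the literal with vector_literal() and pass it as a parameter, never through an f-string.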
Audit Metadata