query-decomposition

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill implements query decomposition by passing raw user input to an LLM to extract search concepts.
  • Ingestion points: The query parameter in decompose_query and the QueryDecomposer.search method in SKILL.md.
  • Boundary markers: No delimiters (e.g., XML tags or triple backticks) are used to isolate user input from the system instructions.
  • Capability inventory: The extracted 'concepts' are passed to a search_fn callback. While primarily used for retrieval, an attacker could manipulate these concepts to perform unauthorized data discovery.
  • Sanitization: The input is used directly as provided, allowing an attacker to potentially override the LLM's instructions to return malicious search terms or bypass retrieval logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:27 AM